Description
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rbac-query-proxy-container | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/endpoint-monitoring-rhel8-operator | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grafana-dashboard-loader-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/metrics-collector-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multicluster-observability-rhel8-operator | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-cluster-monitoring-operator | Out of support scope | | |
| Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-monitoring-operator | Fixed | RHSA-2024:2782 | 16.05.2024 |
| Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-monitoring-operator | Fixed | RHSA-2024:2047 | 02.05.2024 |
| Red Hat OpenShift Container Platform 4.14 | openshift4/cloud-network-config-controller-rhel8 | Fixed | RHSA-2024:1891 | 26.04.2024 |
| Red Hat OpenShift Container Platform 4.14 | openshift4/driver-toolkit-rhel9 | Fixed | RHSA-2024:1891 | 26.04.2024 |
Additional information
Status: Important
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2262158 cluster-monitoring-operator: credentials leak
EPSS: 0.00206 (Low), percentile: 43%
CVSS3: 7.7 High
Related vulnerabilities
CVSS3: 7.7
nvd
almost 2 years ago
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
CVSS3: 7.7
github
almost 2 years ago
Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak