Severity: 8.8
CWE: 276

CVE-2022-1833

First published: Mon May 23 2022

A flaw was found in AMQ Broker Operator 7.9.4 installed via the OperatorHub UI, where a low-privilege user with access to the namespace in which the AMQ Operator is deployed can obtain cluster-wide edit rights by reading the secrets in that namespace. The service account used for building the Operator grants more permissions than expected, and an attacker could benefit from this. Exploitation requires at least an already compromised low-privilege account or an insider attack.

Credit: secalert@redhat.com

Affected Software   | Affected Version | How to fix
Red Hat AMQ Broker  | =7.9.4           | see Remedy below

Remedy

In order to have these privileges correctly set in this version, install the Operator using the CLI method described at https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/html/deploying_amq_broker_on_openshift_container_platform/broker-operator-broker-ocp#operator-install-broker-ocp instead of the OperatorHub UI. Make sure to use the latest available version in order to have access to the latest bug and security fixes.


Frequently Asked Questions

  • What is the severity of CVE-2022-1833?

    The severity of CVE-2022-1833 is high with a severity value of 8.8.

  • How does CVE-2022-1833 affect AMQ Broker Operator?

    CVE-2022-1833 affects AMQ Broker Operator 7.9.4.

  • How can a low-privilege user exploit CVE-2022-1833?

    A low-privilege user with access to the namespace where AMQ Operator is deployed can exploit CVE-2022-1833 by checking the secrets to gain clusterwide edit rights.

  • What is the solution for CVE-2022-1833?

    To mitigate CVE-2022-1833, apply the patch or upgrade to a version of AMQ Broker Operator that is not affected.

  • Where can I find more information about CVE-2022-1833?

    You can find more information about CVE-2022-1833 in the CVE record, NVD, Red Hat documentation, and relevant bugzilla and errata pages.

© 2024 SecAlerts Pty Ltd.