CVE-2022-1902
First published: Wed May 25 2022(Updated: )
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Advanced Cluster Security Kubernates | =3.68 | |
| Redhat Advanced Cluster Security Kubernates | =3.69 | |
| Redhat Advanced Cluster Security Kubernates | =3.70 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2022-1902
- https://bugzilla.redhat.com/show_bug.cgi?id=2090957
- https://github.com/stackrox/stackrox/pull/1803
- https://access.redhat.com/errata/RHSA-2022:5132
- https://access.redhat.com/errata/RHSA-2022:5188
- https://access.redhat.com/errata/RHSA-2022:5189
- https://access.redhat.com/security/cve/cve-2022-1902
- https://www.cve.org/CVERecord?id=CVE-2022-1902 https://nvd.nist.gov/vuln/detail/CVE-2022-1902
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-1902
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/remedy
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat advanced cluster security kubernates
- version/redhat advanced cluster security kubernates/3.68
- version/redhat advanced cluster security kubernates/3.69
- version/redhat advanced cluster security kubernates/3.70