HIGH🇵🇱 Wersja polska

CVE-2022-1902

CVSS 8.8v3.1pub. 2022-09-01upd. 2024-11-21

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Red Hat Advanced Cluster Security

    APP
    Redhat
    3.683.693.70
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2025-5198MEDIUM5.0ten sam produkt

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is inclu...

CVE-2024-0406MEDIUM6.1ten sam produkt

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafte...

CVE-2023-48795MEDIUM5.9ten sam produkt

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, al...

CVE-2023-4958MEDIUM6.1ten sam produkt

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missin...

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)