CVE-2022-1902

high

Description

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (ACS). Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can be used to escalate their privileges.

References

https://github.com/stackrox/stackrox/pull/1803

https://bugzilla.redhat.com/show_bug.cgi?id=2090957

https://access.redhat.com/security/cve/CVE-2022-1902

Details

Source: Mitre, NVD

Published: 2022-09-01

Updated: 2023-02-12

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High