# CVE-2022-1902

## Summary
| CVE | CVE-2022-1902 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-09-01 21:15:00 UTC |
| Updated | 2023-02-12 22:15:00 UTC |
| Description | A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (ACS): notifier secrets were not properly scrubbed from responses of the GraphQL API. An authenticated ACS user could retrieve Notifier objects through the GraphQL API and obtain the embedded secrets in plaintext, which could then be used to escalate their privileges. |
## Risk and Classification

Problem Types: CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere)
## NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Advanced Cluster Security | 3.68 | All | All | All |
| Application | Redhat | Advanced Cluster Security | 3.69 | All | All | All |
| Application | Redhat | Advanced Cluster Security | 3.70 | All | All | All |
## References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ROX-10845: Refactor notifier scrubbing by mtodor · Pull Request #1803 · stackrox/stackrox · GitHub | MISC | github.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| 2090957 – (CVE-2022-1902) CVE-2022-1902 stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.