CVE-2022-1902

CVE-2022-1902

Vendor N/A
Product Red Hat Advanced Cluster Security for Kubernetes
Weakness CWE-497
Published September 1, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

Key dates

02Disclosure timeline

September 1, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE