CVE-2025-6017
- EPSS 0.02%
- Published 02.07.2025 06:36:47
- Last modified 20.08.2025 16:33:58
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-3248
- EPSS 0.05%
- Published 05.10.2023 14:15:09
- Last modified 21.11.2024 07:19:08
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
CVE-2023-3027
- EPSS 0.03%
- Published 05.06.2023 22:15:12
- Last modified 08.01.2025 17:15:13
The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies that contain dynamically obtained values (instead of applying a static manifest on a managed cluster) to take advantage of cluster...
CVE-2022-3841
- EPSS 0.05%
- Published 13.01.2023 06:15:11
- Last modified 09.04.2025 14:15:24
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as...
CVE-2022-2238
- EPSS 0.27%
- Published 01.09.2022 21:15:09
- Last modified 21.11.2024 07:00:36
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special charac...
CVE-2022-27191
- EPSS 0.08%
- Published 18.03.2022 07:15:06
- Last modified 21.11.2024 06:55:22
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2020-25688
- EPSS 0.03%
- Published 23.11.2020 22:15:12
- Last modified 21.11.2024 05:18:28
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an at...
CVE-2020-25655
- EPSS 0.21%
- Published 09.11.2020 15:15:12
- Last modified 21.11.2024 05:18:21
An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this...