Redhat

Advanced Cluster Management For Kubernetes

9 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.02%
  • Published 02.07.2025 06:36:47
  • Last modified 20.08.2025 16:33:58

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI...

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • EPSS 0.05%
  • Published 05.10.2023 14:15:09
  • Last modified 21.11.2024 07:19:08

A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

  • EPSS 0.03%
  • Published 05.06.2023 22:15:12
  • Last modified 08.01.2025 17:15:13

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies that contain some dynamically obtained values (instead of the policy applying a static manifest on a managed cluster) to take advantage of cluster...

  • EPSS 0.05%
  • Published 13.01.2023 06:15:11
  • Last modified 09.04.2025 14:15:24

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as...

  • EPSS 0.27%
  • Published 01.09.2022 21:15:09
  • Last modified 21.11.2024 07:00:36

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special charac...

  • EPSS 0.08%
  • Published 18.03.2022 07:15:06
  • Last modified 21.11.2024 06:55:22

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

  • EPSS 0.03%
  • Published 23.11.2020 22:15:12
  • Last modified 21.11.2024 05:18:28

A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an at...

  • EPSS 0.21%
  • Published 09.11.2020 15:15:12
  • Last modified 21.11.2024 05:18:21

An issue was discovered in the ManagedClusterView API that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this...