CVE-2022-1833 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-1833 PUBLISHED CVSS 8.800000190734863 HIGH

A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.

EPSS 0.32% · 55.0th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.32%

55.0th percentile

Affected Products

Vendor	Product	Versions
n/a	AMQ Broker Operator	AMQ Broker Operator 7.9.4 and prior
redhat	amq_broker	7.9.4

Timeline

Jun 21, 2022 CVE Published
Jun 21, 2022 PoC Published
Jun 22, 2022 EPSS Score
Aug 9, 2022 EPSS Score
Sep 25, 2022 EPSS Score
Nov 12, 2022 EPSS Score
Dec 29, 2022 EPSS Score
Feb 14, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 20, 2023 EPSS Score
Jul 6, 2023 EPSS Score

References

Open in Interactive Console →