CVE-2022-1902
PUBLISHED
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
EPSS 0.82% · 74.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | advanced_cluster_security | 3.68, 3.69, 3.70 |
| n/a | Red Hat Advanced Cluster Security for Kubernetes | Red Hat Advanced Cluster Security for Kubernetes 3 |
Exploit Intelligence
Timeline
- Sep 1, 2022 CVE Published
- Sep 2, 2022 EPSS Score
- Oct 17, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
- Jan 16, 2023 EPSS Score
- Mar 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- Jun 1, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 31, 2023 EPSS Score
- Oct 15, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2090957
- https://access.redhat.com/security/cve/CVE-2022-1902
- https://github.com/stackrox/stackrox/pull/1803
- https://nvd.nist.gov/vuln/detail/CVE-2022-1902 (advisory)
- https://access.redhat.com/errata/RHSA-2022:5132
- https://access.redhat.com/errata/RHSA-2022:5188
- https://access.redhat.com/errata/RHSA-2022:5189