CVE-2022-3841 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-3841 PUBLISHED CVSS 7.800000190734863 HIGH

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests.

EPSS 0.07% · 21.4th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.07%

21.4th percentile

Affected Products

Vendor	Product	Versions
redhat	advanced_cluster_management_for_kubernetes	2.0
redhat.com	RHACM	n/a

Timeline

Jan 11, 2023 CVE Published
Jan 13, 2023 EPSS Score
Feb 22, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 14, 2023 EPSS Score
Jun 23, 2023 EPSS Score
Aug 2, 2023 EPSS Score
Sep 11, 2023 EPSS Score
Oct 21, 2023 EPSS Score
Dec 1, 2023 EPSS Score
Jan 10, 2024 EPSS Score

References

Open in Interactive Console →