VDB

CVE-2022-3841

CVE-2022-3841 PUBLISHED CVSS 7.8 HIGH

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint of Red Hat Advanced Cluster Management for Kubernetes (RHACM). The console API endpoint is missing an authentication check, so an attacker could exploit it to make requests as an unauthenticated user.

EPSS 0.10% · 27.6th percentile

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.10%
27.6th percentile

Affected Products

Vendor | Product | Versions
redhat | advanced_cluster_management_for_kubernetes | 2.0
redhat.com | RHACM | n/a

Timeline

  • Jan 11, 2023 CVE Published
  • Jan 13, 2023 EPSS Score
  • Feb 23, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 5, 2023 EPSS Score
  • May 15, 2023 EPSS Score
  • Jun 25, 2023 EPSS Score
  • Aug 5, 2023 EPSS Score
  • Sep 15, 2023 EPSS Score
  • Oct 26, 2023 EPSS Score
  • Dec 5, 2023 EPSS Score
  • Jan 15, 2024 EPSS Score