rhsa-2022_5132
Vulnerability from csaf_redhat
Published
2022-06-20 17:22
Modified
2024-11-22 19:30
Summary
Red Hat Security Advisory: RHACS 3.68 security update

Notes

Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
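Release of RHACS 3.68.2

Security Fix(es):

* stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext (CVE-2022-1902)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

In the CSAF record below, the fix is listed for the rhacs-main-rhel8 image only; the other RHACS 3.68 images are marked known_not_affected with the flag vulnerable_code_not_present.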
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of RHACS 3.68.2\n\nSecurity Fix(es):\n\n* stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext (CVE-2022-1902)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:5132",
        "url": "https://access.redhat.com/errata/RHSA-2022:5132"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2090957",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
      },
      {
        "category": "external",
        "summary": "ROX-11391",
        "url": "https://issues.redhat.com/browse/ROX-11391"
      },
      {
        "category": "external",
        "summary": "ROX-9657",
        "url": "https://issues.redhat.com/browse/ROX-9657"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5132.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHACS 3.68 security update",
    "tracking": {
      "current_release_date": "2024-11-22T19:30:43+00:00",
      "generator": {
        "date": "2024-11-22T19:30:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:5132",
      "initial_release_date": "2022-06-20T17:22:16+00:00",
      "revision_history": [
        {
          "date": "2022-06-20T17:22:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-06-20T17:22:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T19:30:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHACS 3.68 for RHEL 8",
                "product": {
                  "name": "RHACS 3.68 for RHEL 8",
                  "product_id": "8Base-RHACS-3.68",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:advanced_cluster_security:3.68::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Cluster Security for Kubernetes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.68.2-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.68.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64",
                  "product_id": "advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-docs-rhel8\u0026tag=3.68.2-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64",
                  "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.68.2-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64",
                  "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.68.2-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64",
                  "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.68.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64",
                  "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.68.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.68.2-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.68.2-9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64 as a component of RHACS 3.68 for RHEL 8",
          "product_id": "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.68"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1902",
      "cwe": {
        "id": "CWE-497",
        "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
      },
      "discovery_date": "2022-05-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64",
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64",
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64",
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64",
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64",
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64",
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64",
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2090957"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-rhel8@sha256:83779a489e84b94446913ac6734182410f489d64201d4b3da2adc0c4d13f0140_amd64",
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:1098aaf6a3315845b45658ad638ed0b4c5e1c164d48ccca1d45fc5448b93e307_amd64",
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-docs-rhel8@sha256:9b3763478a960cbe92fff01348c02147f5b284caabdb319c3aecba94a7efe5ee_amd64",
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-operator-bundle@sha256:6a10a4859527946f61f497ff84b80f973cb7be5982d428423836b5aca81a1f5d_amd64",
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-rhel8-operator@sha256:eb66d503d51e2524bbe4c6140672b9383da833578173baba50bb61ca2d92b635_amd64",
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:8755ce5d1dd308e49671eda7f4f2deeb42acbefcffb47c4b82e7aca5665487aa_amd64",
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b2a7c913963711b387e0472754745a2b3467a4d6ffafa23bb8643282fbff8e34_amd64",
          "8Base-RHACS-3.68:advanced-cluster-security/rhacs-scanner-rhel8@sha256:331775107475c3acf3536c4c1c8847519fd245236f1f209343f058805725eb0d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1902"
        },
        {
          "category": "external",
          "summary": "RHBZ#2090957",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1902",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1902"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1902",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1902"
        }
      ],
      "release_date": "2022-05-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-20T17:22:16+00:00",
          "details": "If you are using the RHACS 3.68.1, you are advised to upgrade to patch release 3.68.2.",
          "product_ids": [
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5132"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.68:advanced-cluster-security/rhacs-main-rhel8@sha256:8ea2dd44cd9aee53482e36d88d57c0d352b27277c3c6a09973ad57499dc6c3d8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext"
    }
  ]
}

