rhsa-2022_5189
Vulnerability from csaf_redhat
Published
2022-06-27 10:19
Modified
2024-11-22 19:30
Summary
Red Hat Security Advisory: RHACS 3.70 security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated images include bug and security fixes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Release of ACS 3.70.1
Security Fix(es):
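* stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext (CVE-2022-1902)
Per the CSAF record below, the flaw is reachable by authenticated ACS users. Only the rhacs-main-rhel8 image is listed as fixed; the other images in this advisory are marked known_not_affected (vulnerable_code_not_present). Upgrading prevents further disclosure but does not invalidate secrets that may already have been read, so consider rotating Notifier credentials that were configured on an affected release.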
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). The updated image includes bug and security fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Release of ACS 3.70.1\n\nSecurity Fix(es):\n\n* stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext (CVE-2022-1902)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5189", "url": "https://access.redhat.com/errata/RHSA-2022:5189" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2090957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957" }, { "category": "external", "summary": "ROX-11452", "url": "https://issues.redhat.com/browse/ROX-11452" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5189.json" } ], "title": "Red Hat Security Advisory: RHACS 3.70 security update", "tracking": { "current_release_date": "2024-11-22T19:30:58+00:00", "generator": { "date": "2024-11-22T19:30:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:5189", "initial_release_date": "2022-06-27T10:19:57+00:00", "revision_history": [ { "date": "2022-06-27T10:19:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-27T10:19:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T19:30:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHACS 3.70 for RHEL 8", "product": { "name": "RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70", "product_identification_helper": 
{ "cpe": "cpe:/a:redhat:advanced_cluster_security:3.70::el8" } } } ], "category": "product_family", "name": "Red Hat Advanced Cluster Security for Kubernetes" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.70.1-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.70.1-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64", "product": { "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64", "product_id": 
"advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-docs-rhel8\u0026tag=3.70.1-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.70.1-5" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.70.1-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64", 
"product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.70.1-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.70.1-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.70.1-4" } } }, 
{ "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.70.1-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=3.70.1-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64", 
"product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=3.70.1-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": 
"8Base-RHACS-3.70:advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64" }, "product_reference": "advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64" }, "product_reference": 
"advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64", "relates_to_product_reference": 
"8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64 as a component of RHACS 3.70 for RHEL 8", "product_id": "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64", "relates_to_product_reference": "8Base-RHACS-3.70" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-1902", "cwe": { "id": "CWE-497", "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere" }, "discovery_date": "2022-05-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-3.70:advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64", 
"8Base-RHACS-3.70:advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2090957" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. 
This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-3.70:advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64" ], "known_not_affected": [ "8Base-RHACS-3.70:advanced-cluster-security/rhacs-collector-rhel8@sha256:1457880bb72cd6628abb1f12c1a63ddfdeccc4d6096f39a8653ef0335f471266_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:098c7751ddc217f1cdd6798b6424141c27e7e19ca437a8157e728c62f8fea423_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-docs-rhel8@sha256:297de60ddf71c1468a800f118e375fe5b5e0a6f11568e1da8a13a794433240c2_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-operator-bundle@sha256:9b35ae6df2c19935783735d213483f3fcecead2f49f873a4f7844ef9fb5c7f1a_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-rhel8-operator@sha256:9badb9eb5a21f7100b87a32833cc06c1c7f11aad977250af5ca24fb01318f862_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7f92d7708730cd31ca0a0f1118b4635a68726ca1bbf0109b5bae238d7cf1a838_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a45ff3957c1357aface24b346e08974d2fe60661005fb8e94cc2909c251c72c7_amd64", 
"8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:5e24f3e58f179e29f4e90b7fcc5478078dc60eae9e8095918c0484932472e9d2_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-rhel8@sha256:c779024230a63c6502dd84dc501b736789bb37210afb62fbf7cf243b9c748e58_amd64", "8Base-RHACS-3.70:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1db63101fcace1acd53dfd2278f2208fdb22295c6f0d9b9ac6d9ac1cdde1f544_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1902" }, { "category": "external", "summary": "RHBZ#2090957", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1902", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1902" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1902", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1902" } ], "release_date": "2022-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-27T10:19:57+00:00", "details": "If you are using the RHACS 3.70.0, you are advised to upgrade to patch release 3.70.1.", "product_ids": [ "8Base-RHACS-3.70:advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5189" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ 
"8Base-RHACS-3.70:advanced-cluster-security/rhacs-main-rhel8@sha256:0c45ab080cd5f6429de49036fe846fe241c3044091dae245c2a6831cbdf20f65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.