CVE-2022-1902

HIGH

Red Hat Advanced Cluster Security - Privilege Escalation

Title source: llm

Description

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

References (3)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2022-1902

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2090957

[Exploit, Patch, Third Party Advisory] https://github.com/stackrox/stackrox/pull/1803

Scores

CVSS v3 8.8

EPSS 0.0082

EPSS Percentile 74.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668 CWE-497

Status published

Affected Products (3)

redhat/advanced_cluster_security

redhat/advanced_cluster_security

redhat/advanced_cluster_security

Timeline

Published Sep 01, 2022

Tracked Since Feb 18, 2026