CVE-2022-1902

Source
https://cve.org/CVERecord?id=CVE-2022-1902
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1902.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1902
Published
2022-09-01T21:15:09.110Z
Modified
2025-11-14T12:58:07.198697Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

Affected packages

Git / github.com/stackrox/stackrox

Affected ranges

Type
GIT
Repo
https://github.com/stackrox/stackrox
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected

Affected versions

3.*

3.65.x
3.67.x
3.68.x
3.69.x

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1902.json"