rhsa-2022_5188
Vulnerability from csaf_redhat
Published
2022-06-24 19:42
Modified
2024-11-13 23:44
Summary
Red Hat Security Advisory: RHACS 3.69 security update

Notes

Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Release of RHACS 3.69.2

Security Fix(es):

* stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext (CVE-2022-1902)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of RHACS 3.69.2\n\nSecurity Fix(es):\n\n* stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext (CVE-2022-1902)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:5188",
        "url": "https://access.redhat.com/errata/RHSA-2022:5188"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2090957",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
      },
      {
        "category": "external",
        "summary": "ROX-11455",
        "url": "https://issues.redhat.com/browse/ROX-11455"
      },
      {
        "category": "external",
        "summary": "ROX-9657",
        "url": "https://issues.redhat.com/browse/ROX-9657"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5188.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHACS 3.69 security update",
    "tracking": {
      "current_release_date": "2024-11-13T23:44:33+00:00",
      "generator": {
        "date": "2024-11-13T23:44:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2022:5188",
      "initial_release_date": "2022-06-24T19:42:45+00:00",
      "revision_history": [
        {
          "date": "2022-06-24T19:42:45+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-06-24T19:42:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-13T23:44:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHACS 3.69 for RHEL 8",
                "product": {
                  "name": "RHACS 3.69 for RHEL 8",
                  "product_id": "8Base-RHACS-3.69",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:advanced_cluster_security:3.69::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Cluster Security for Kubernetes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.69.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
                  "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.69.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
                  "product_id": "advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-docs-rhel8\u0026tag=3.69.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64",
                  "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.69.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
                  "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.69.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
                  "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.69.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
                  "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.69.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.69.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.69.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=3.69.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64",
                "product": {
                  "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64",
                  "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=3.69.2-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64 as a component of RHACS 3.69 for RHEL 8",
          "product_id": "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64"
        },
        "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64",
        "relates_to_product_reference": "8Base-RHACS-3.69"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-43565",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto: empty plaintext packet causes panic",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-43565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
        }
      ],
      "release_date": "2021-12-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-24T19:42:45+00:00",
          "details": "If you are using the RHACS 3.69.1, you are advised to upgrade to patch release 3.69.2.",
          "product_ids": [
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/crypto: empty plaintext packet causes panic"
    },
    {
      "cve": "CVE-2022-1902",
      "cwe": {
        "id": "CWE-497",
        "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
      },
      "discovery_date": "2022-05-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2090957"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can be used to escalate their privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64"
        ],
        "known_not_affected": [
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-rhel8@sha256:b1133a28779646b195f65221eb81cc5be95076d9c835d7ea072ec86ad9a4ba93_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:339f13fe43b1413c4a88778195ea937cc1a96b9790b443f876de7cadf152bce1_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-docs-rhel8@sha256:90457347e3b31e462d6b778274374c92d66faee30bae8162afb9c868ce537e54_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-operator-bundle@sha256:297e7f863106c6b41f882bbd5b691a12c797c24d832473a04e604d4639e4a68e_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-rhel8-operator@sha256:2816c185da5d27e5340a40c97b9c8cabb14b29ddb63ad7aea47fa697e2f264fb_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5f478678df06ff4d666d0a0cdd2edbfafe1bd860cbced04e6ed10b3dfa70a85f_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f4f70356fc2e9d6d2129d31e4e5795c5cc5e08f754ffba663863363fb46c5760_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c8e76bf5bb6d96904bf0d4b34b338bce7f96436625d0d982c007c6e7fee0f4f1_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fba8806142f5358194126cb8501d8bc2de7a2bdd8d5a4cb7fd32faa8bb09b289_amd64",
          "8Base-RHACS-3.69:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cecd1a42674d57be482644e6986aefee90e315c767941c622297928a999b5057_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1902"
        },
        {
          "category": "external",
          "summary": "RHBZ#2090957",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1902",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1902"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1902",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1902"
        }
      ],
      "release_date": "2022-05-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-24T19:42:45+00:00",
          "details": "If you are using RHACS 3.69.1, you are advised to upgrade to patch release 3.69.2.",
          "product_ids": [
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACS-3.69:advanced-cluster-security/rhacs-main-rhel8@sha256:d1257e71da7d928d57d587b37d9b6aa79c3a0532e87d3d24742613f623709082_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext"
    }
  ]
}


