Red Hat Advanced Cluster Management for Kubernetes 2.0

CPE Details

Red Hat Advanced Cluster Management for Kubernetes 2.0
redhat
advanced_cluster_management_for_kubernetes
2.0
2021-01-27
14h05 +00:00
2021-01-27
14h05 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

advanced_cluster_management_for_kubernetes

Version

2.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
Haute
CVE-2022-3248 2023-10-05 13h28 +00:00 A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
7.5
Haute
CVE-2022-3841 2023-01-11 20h38 +00:00 RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests.
7.8
Haute
CVE-2022-2238 2022-09-01 17h56 +00:00 A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.
6.5
Moyen
CVE-2022-27191 2022-03-18 05h03 +00:00 The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
7.5
Haute
CVE-2020-25688 2020-11-23 20h07 +00:00 A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.
3.5
Bas
CVE-2020-25655 2020-11-09 13h38 +00:00 An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users.
6.5
Moyen