CVE-2022-3841

Published: Jan 13, 2023Modified: Apr 9, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests.

Affected (1)

Products: Redhat: Advanced Cluster Management For Kubernetes

1 product

Advanced Cluster Management For Kubernetes

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Advanced Cluster Management For Kubernetes	Version 2.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://access.redhat.com/security/cve/CVE-2022-3841

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2022-3841

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.