Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat advanced cluster management for kubernetes 2.0 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-3841
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is m...
Redhat Advanced Cluster Management For Kubernetes 2.0
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
35 Github repositories
2 Articles
7.5
CVSSv3
CVE-2022-3248
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an malicious user to violate the boundaries, as permissions will not be applied.
Redhat Openshift Container Platform 4.0
Redhat Advanced Cluster Management For Kubernetes 2.0
6.5
CVSSv3
CVE-2022-2238
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an malicious user to craft specific strings containing special characters that lead to crashi...
Redhat Advanced Cluster Management For Kubernetes 2.0
6.5
CVSSv3
CVE-2020-25655
An issue exists in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view ...
Redhat Advanced Cluster Management For Kubernetes 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started