Related Vulnerabilities: CVE-2022-1833  

Description

A flaw was found in AMQ Broker Operator when it is installed through the OperatorHub UI. A low-privileged user with access to the namespace in which the Operator is deployed obtains cluster-wide edit rights. This flaw allows an attacker to gain full cluster management access.

Mitigation

To have these privileges set correctly in this version, install the Operator using the CLI method described at https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/html/deploying_amq_broker_on_openshift_container_platform/broker-operator-broker-ocp#operator-install-broker-ocp

Make sure to use the latest available version in order to receive the latest bug fixes and security fixes.
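Whichever installation method was used, an administrator will want to confirm that no ServiceAccount in the Operator's namespace is bound to a broad ClusterRole, since any user who can create pods or request tokens in that namespace can act with that ServiceAccount's permissions. The following is an added audit example, not code from the advisory or from Red Hat; it walks a ClusterRoleBinding list in the shape returned by `kubectl get clusterrolebindings -o json` and flags bindings that grant `cluster-admin`, `admin` or `edit` to a ServiceAccount in the namespace under review. The binding and ServiceAccount names in the embedded sample are constructed placeholders; the advisory does not name the actual objects involved.

```python
"""Audit ClusterRoleBindings for broad grants to ServiceAccounts in one namespace.

Added example (not from the advisory). Input mirrors the JSON produced by
`kubectl get clusterrolebindings -o json`; a constructed sample is embedded
below so the script runs offline.
"""
import json

# ClusterRoles that confer cluster-wide write access when bound through a
# ClusterRoleBinding (RoleBindings to these roles stay namespace-scoped).
BROAD_CLUSTER_ROLES = {"cluster-admin", "admin", "edit"}


def find_broad_grants(bindings, namespace):
    """Return (binding_name, cluster_role, service_account) tuples for every
    ClusterRoleBinding that binds a broad ClusterRole to a ServiceAccount
    living in `namespace`."""
    data = json.loads(bindings) if isinstance(bindings, str) else bindings
    findings = []
    for item in data.get("items", []):
        role_ref = item.get("roleRef", {})
        if role_ref.get("kind") != "ClusterRole":
            continue
        if role_ref.get("name") not in BROAD_CLUSTER_ROLES:
            continue
        # `subjects` may be absent or null on a binding with no subjects.
        for subject in item.get("subjects") or []:
            if subject.get("kind") != "ServiceAccount":
                continue
            if subject.get("namespace") != namespace:
                continue
            findings.append(
                (item["metadata"]["name"], role_ref["name"], subject["name"])
            )
    return findings


def render_report(findings):
    """Turn findings into human-readable lines (one per broad grant)."""
    return [
        f"ClusterRoleBinding {binding!r} grants ClusterRole {role!r} "
        f"to ServiceAccount {sa!r}"
        for binding, role, sa in findings
    ]


# Constructed sample: one operator ServiceAccount bound cluster-wide to
# `edit` (the pattern this advisory warns about), one unrelated system
# binding in another namespace, one read-only binding, and one with no
# subjects. Names are placeholders, not real objects from the advisory.
SAMPLE_BINDINGS = json.dumps({
    "kind": "List",
    "items": [
        {
            "metadata": {"name": "example-operator-edit"},
            "roleRef": {"kind": "ClusterRole", "name": "edit"},
            "subjects": [
                {"kind": "ServiceAccount", "name": "example-operator-sa",
                 "namespace": "example-broker-ns"},
            ],
        },
        {
            "metadata": {"name": "system-controller-admin"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [
                {"kind": "ServiceAccount", "name": "controller",
                 "namespace": "kube-system"},
            ],
        },
        {
            "metadata": {"name": "example-operator-view"},
            "roleRef": {"kind": "ClusterRole", "name": "view"},
            "subjects": [
                {"kind": "ServiceAccount", "name": "example-operator-sa",
                 "namespace": "example-broker-ns"},
            ],
        },
        {
            "metadata": {"name": "orphaned-binding"},
            "roleRef": {"kind": "ClusterRole", "name": "edit"},
            "subjects": None,
        },
    ],
})


if __name__ == "__main__":
    for line in render_report(find_broad_grants(SAMPLE_BINDINGS, "example-broker-ns")):
        print(line)
```

On a live cluster, feed the script the output of `kubectl get clusterrolebindings -o json` (or `oc` on OpenShift) and pass the namespace the Operator was installed into; an empty result means no ServiceAccount in that namespace carries cluster-wide edit rights through a ClusterRoleBinding. The `view` binding and the `kube-system` binding in the sample are deliberately not flagged: the first is read-only, the second belongs to a different namespace.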

Additional Information

  • Bugzilla 2089406: CVE-2022-1833 amq: AMQ Broker Operator ClusterWide Edit Permissions Due Token Exposure
  • CWE-276: Incorrect Default Permissions
  • FAQ: Frequently asked questions about CVE-2022-1833