Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-2238

A vulnerability was found in the search-api container when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

Source

Description

A vulnerability was found in the search-api container when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

Statement

In Red Hat Advanced Cluster Management for Kubernetes (RHACM) the search-api component is protected by OpenShift OAuth which reduces the impact of this flaw to Moderate. Access to the search-api where queries can be submitted requires the user or ServiceAccount token authorization with a granted access to the resources and managed clusters.

Additional Information

Bugzilla 2101669: CVE-2022-2238 search-api: SQL injection leads to remote denial of service
CWE-89->CWE-400: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') leads to Uncontrolled Resource Consumption
FAQ: Frequently asked questions about CVE-2022-2238

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Description

Statement

Additional Information

Vulmon Search

About

Products

Connect