Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redhat Subscribe
Filtered by product Advanced Cluster Management For Kubernetes

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-44487 31 Akka, Amazon, Apache and 28 more 127 Http Server, Opensearch Data Prepper, Apisix and 124 more 2023-12-20 N/A 7.5 HIGH
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-27191 3 Fedoraproject, Golang, Redhat 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more 2023-08-08 4.3 MEDIUM 7.5 HIGH
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2020-25688 1 Redhat 1 Advanced Cluster Management For Kubernetes 2020-12-08 2.7 LOW 3.5 LOW
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.
CVE-2020-25655 1 Redhat 1 Advanced Cluster Management For Kubernetes 2020-11-18 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users.