CVE-2022-3841

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests.

Published: Jan 13, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-3841
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
redhat / advanced_cluster_management_for_kubernetes	2.0	2.0.x

https://access.redhat.com/security/cve/CVE-2022-3841

Vulnerability Database

289,598

CVE-2022-3841