PT-2022-14152 · Red Hat · AMQ Broker Operator

Patrick Del Bello · Published 2022-06-21 · Updated 2022-06-29

CVE-2022-1833 · CVSS v3.1 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AMQ Broker Operator version 7.9.4

Description: A flaw was found in AMQ Broker Operator. A low-privilege user with access to the namespace where the Operator is deployed can read the Secrets in that namespace, which include the token of the service account used to build the Operator. That service account is bound to more permissions than it needs, so the token grants the user cluster-wide edit rights. Exploitation requires an already compromised low-privilege account or an insider with access to the namespace.

Recommendations: For AMQ Broker Operator version 7.9.4, restrict the permissions of the service account used to build the Operator to what it actually needs, and scope them to the namespace it manages (a Role and RoleBinding rather than a cluster-wide binding) to reduce the risk of exploitation. Additionally, restrict who can read Secrets in the namespace where the Operator is deployed, since any subject that can read them can obtain the service account token. At the time of writing, this entry has no information about a newer version that contains a fix for this vulnerability.
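The check a practitioner would want here is to find exactly the condition the description names: a service-account token Secret in the Operator's namespace whose service account is bound, cluster-wide, to a role that permits writes. The script below is an added example and is not code from the advisory or from the AMQ Broker Operator project. It takes ClusterRoles, ClusterRoleBindings and Secrets in the JSON shape that `kubectl get ... -o json` returns; the objects embedded in it (namespace `amq-broker`, the service account and secret names, the `amq-broker-operator-cluster` ClusterRole) are constructed sample data, not real cluster output.

```python
"""Audit for CVE-2022-1833-style exposure (added example, not the advisory's
or the project's own code): list service-account token Secrets in a namespace
whose service account holds cluster-wide write rights. Anyone who can read
Secrets in that namespace can lift such a token and act cluster-wide.
All sample objects below are constructed for the example."""

# Verbs that let a subject change state; "*" covers everything.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}


def rule_grants_write(rule: dict) -> bool:
    """True when a PolicyRule permits at least one mutating verb."""
    return bool(WRITE_VERBS & set(rule.get("verbs", [])))


def sa_ref(namespace: str, name: str) -> str:
    """Canonical subject name for a service account."""
    return f"system:serviceaccount:{namespace}:{name}"


def cluster_write_subjects(cluster_roles: list, cluster_role_bindings: list) -> set:
    """Service accounts bound through a ClusterRoleBinding to a ClusterRole
    that permits writes. RoleBindings are deliberately ignored: binding the
    same ClusterRole through a RoleBinding confines it to one namespace."""
    write_roles = {
        cr["metadata"]["name"]
        for cr in cluster_roles
        if any(rule_grants_write(r) for r in cr.get("rules", []))
    }
    found = set()
    for crb in cluster_role_bindings:
        ref = crb["roleRef"]
        if ref.get("kind") != "ClusterRole" or ref["name"] not in write_roles:
            continue
        for subj in crb.get("subjects", []):
            if subj.get("kind") == "ServiceAccount":
                found.add(sa_ref(subj["namespace"], subj["name"]))
    return found


def exposed_tokens(namespace: str, secrets: list, cluster_roles: list,
                   cluster_role_bindings: list) -> list:
    """Token Secrets in `namespace` whose owning service account (recorded in
    the kubernetes.io/service-account.name annotation) has cluster-wide write."""
    risky = cluster_write_subjects(cluster_roles, cluster_role_bindings)
    findings = []
    for sec in secrets:
        md = sec["metadata"]
        if md.get("namespace") != namespace:
            continue
        if sec.get("type") != "kubernetes.io/service-account-token":
            continue
        sa = md.get("annotations", {}).get("kubernetes.io/service-account.name")
        if sa and sa_ref(namespace, sa) in risky:
            findings.append({"secret": md["name"], "serviceAccount": sa})
    return findings


# --- constructed sample data (hypothetical names, not a real cluster) -------
SAMPLE_CLUSTER_ROLES = [
    {"metadata": {"name": "amq-broker-operator-cluster"},      # the weak role
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "view"},                              # read-only role
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
]
SAMPLE_CLUSTER_ROLE_BINDINGS = [
    {"metadata": {"name": "amq-broker-operator"},
     "roleRef": {"kind": "ClusterRole", "name": "amq-broker-operator-cluster"},
     "subjects": [{"kind": "ServiceAccount", "name": "amq-broker-operator", "namespace": "amq-broker"}]},
    {"metadata": {"name": "metrics-reader"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "metrics-reader", "namespace": "amq-broker"}]},
]


def _token_secret(name: str, namespace: str, sa: str) -> dict:
    return {"metadata": {"name": name, "namespace": namespace,
                         "annotations": {"kubernetes.io/service-account.name": sa}},
            "type": "kubernetes.io/service-account-token"}


SAMPLE_SECRETS = [
    _token_secret("amq-broker-operator-token-abc12", "amq-broker", "amq-broker-operator"),
    _token_secret("metrics-reader-token-def34", "amq-broker", "metrics-reader"),
    # bound only through a RoleBinding in its namespace: not cluster-wide
    _token_secret("amq-broker-scoped-token-ghi56", "amq-broker", "amq-broker-scoped"),
    _token_secret("other-operator-token-jkl78", "other-ns", "amq-broker-operator"),
    {"metadata": {"name": "broker-credentials", "namespace": "amq-broker"}, "type": "Opaque"},
]


def audit_sample() -> list:
    """Run the audit over the constructed data; only the over-privileged
    Operator service account's token should be reported."""
    return exposed_tokens("amq-broker", SAMPLE_SECRETS,
                          SAMPLE_CLUSTER_ROLES, SAMPLE_CLUSTER_ROLE_BINDINGS)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"secret {f['secret']} exposes cluster-wide write for {f['serviceAccount']}")
```

To run it against a real cluster, feed `exposed_tokens` the `items` arrays from `kubectl get clusterroles -o json`, `kubectl get clusterrolebindings -o json` and `kubectl get secrets -n <namespace> -o json`; the same condition can be confirmed per account with `kubectl auth can-i --list --as=system:serviceaccount:<namespace>:<name>`. Token Secrets of this type are only present where the cluster still auto-generates them or where they were created explicitly, so an empty result is not by itself proof that no over-privileged token is reachable.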

Weakness Enumeration

Incorrect Default Permissions (CWE-276)

Related Identifiers

CVE-2022-1833

Affected Products

AMQ Broker Operator