PT-2022-5970 · Red Hat · Red Hat Advanced Cluster Security For Kubernetes, Red Hat Advanced Cluster Management For Kubernetes

Oleg Sushchenko · Published 2022-11-02 · Updated 2023-01-20

CVE-2022-3841
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Red Hat Advanced Cluster Management for Kubernetes (RHACM), affected versions not specified
Red Hat Advanced Cluster Security (RHACS) for Kubernetes, affected versions not specified
Description: The console API endpoint is missing an authentication check, which exposes a Server-Side Request Forgery (SSRF) vulnerability to unauthenticated users: anyone able to reach the endpoint can make the server issue requests on their behalf. An attacker may use this to elevate privileges and gain unauthorized access to protected information.
Recommendations: For Red Hat Advanced Cluster Management for Kubernetes (RHACM), consider restricting access to the console API endpoint until a patch is available. For Red Hat Advanced Cluster Security (RHACS) for Kubernetes, as a temporary workaround, consider disabling the functionality exposed to server-side request forgery until a patch is available. At the time of writing, no newer version containing a fix for this vulnerability is known.

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel
SSRF

Related Identifiers

BDU:2022-07398
CVE-2022-3841

Affected Products

Red Hat Advanced Cluster Management For Kubernetes
Red Hat Advanced Cluster Security For Kubernetes