PT-2025-24401 · Red Hat · Red Hat Connectivity Link

Published: 2025-06-09 · Updated: 2025-06-09 · CVE-2025-25209

CVSS v3.1: 5.7
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

Red Hat Connectivity Link (affected versions not specified)

Description:

The issue concerns the AuthPolicy metadata in Red Hat Connectivity Link, which contains an object that stores secrets. The implementation assumes these secrets already exist in the kuadrant-system namespace instead of copying them to the referred namespace. This creates an opportunity for a malicious actor with developer persona access to leak those secrets over an HTTP connection, provided the attacker knows the name of the targeted secrets and those secrets are limited to one line only.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-25209

Affected Products

Red Hat Connectivity Link