CVE-2022-1833

A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4	Issue Tracking Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:amq_broker:7.9.4:*:*:*:*:*:*:*

History

21 Nov 2024, 06:41

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4 - Issue Tracking, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4 - Issue Tracking, Vendor Advisory

Information

Published : 2022-06-21 15:15

Updated : 2024-11-21 06:41

NVD link : CVE-2022-1833

Mitre link : CVE-2022-1833

CVE.ORG link : CVE-2022-1833

JSON object : View

Products Affected

redhat

amq_broker

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2022-1833", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-06-21T15:15:08.380", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406#c4", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack."}, {"lang": "es", "value": "Se ha encontrado un fallo en AMQ Broker Operator versi\u00f3n 7.9.4, instalado por medio de la interfaz de usuario usando OperatorHub, en el que un usuario poco privilegiado que presenta acceso al espacio de nombres donde es desplegado el AMQ Operator presenta acceso a los derechos de edici\u00f3n de todo el cl\u00faster mediante la comprobaci\u00f3n de los secretos. La cuenta de servicio usada para construir el Operador da m\u00e1s permisos de los esperados y un atacante podr\u00eda beneficiarse de ello. Esto requiere al menos una cuenta de bajo privilegio ya comprometida o un ataque interno"}], "lastModified": "2024-11-21T06:41:34.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_broker:7.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0BEEB9A-A55D-4C42-9C9C-681E9D2E9350"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}