Vulnerabilities > Redhat > Advanced Cluster Management FOR Kubernetes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-10-05 | CVE-2022-3248 | Incorrect Authorization vulnerability in Redhat products A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. | 7.5 |
| 2023-06-05 | CVE-2023-3027 | Improper Privilege Management vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.5/2.6/2.7 The grc-policy-propagator allows security escalation within the cluster. | 7.8 |
| 2023-01-13 | CVE-2022-3841 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 RHACM: unauthenticated SSRF in console API endpoint. | 7.8 |
| 2022-09-01 | CVE-2022-2238 | SQL Injection vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. | 6.5 |
| 2022-03-18 | CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | 7.5 |
| 2020-11-23 | CVE-2020-25688 | Use of Hard-coded Credentials vulnerability in Redhat Advanced Cluster Management for Kubernetes A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. | 2.7 |
| 2020-11-09 | CVE-2020-25655 | Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. | 6.5 |