CVE-2022-2238
Last modified
CVE-2022-2238 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Advanced Cluster Management For Kubernetes | 2.0 |
References
- https://access.redhat.com/security/cve/CVE-2022-2238Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2101669Issue Tracking, Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2022-2238Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2101669Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2238?
How severe is CVE-2022-2238?
How do I fix CVE-2022-2238?
Are you affected by CVE-2022-2238?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST