Security restrictions bypass in AMQ Broker - CVE-2022-1833

 


Published: June 18, 2022


Vulnerability identifier: #VU64486
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2022-1833
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
AMQ Broker
Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to improperly imposed permissions. A low-privileged user with access to the namespace where the AMQ Operator is deployed can gain cluster-wide edit rights by inspecting the secrets.
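
To check a cluster for the exposure described above, the following added example (not code from the vendor or from this advisory) audits exported RBAC objects and pairs every subject that can read secrets in the operator namespace with every service account of that namespace that holds cluster-wide write rights. The namespace, role, binding and account names are hypothetical, the RBAC objects are constructed, and the check assumes the namespace's secrets hold those service accounts' credentials.

```python
# Added example: RBAC objects below are constructed; all names are hypothetical.
WRITE = {"create", "update", "patch", "delete", "deletecollection", "*"}
READ = {"get", "list", "watch", "*"}

def grants(rules, verbs, resource=None):
    """True if any rule allows one of `verbs` on `resource` (None = any resource)."""
    return any(verbs & set(r["verbs"]) and
               (resource is None or {resource, "*"} & set(r["resources"]))
               for r in rules)

def escalation_paths(namespace, roles, bindings):
    """Pair each subject that can read secrets in `namespace` with each service
    account of that namespace that holds cluster-wide write rights.
    Assumption: the namespace's secrets hold those accounts' credentials."""
    readers, writers = set(), set()
    for b in bindings:
        cluster_wide = b["kind"] == "ClusterRoleBinding"
        b_ns = "" if cluster_wide else b["metadata"]["namespace"]
        ref = b["roleRef"]
        # Role lookups are namespaced; ClusterRole lookups use "" as namespace.
        rules = roles.get((ref["kind"], b_ns if ref["kind"] == "Role" else "", ref["name"]), [])
        for s in b.get("subjects", []):
            ident = (s["kind"], s.get("namespace", ""), s["name"])
            if (cluster_wide or b_ns == namespace) and grants(rules, READ, "secrets"):
                readers.add(ident)
            if (cluster_wide and s["kind"] == "ServiceAccount"
                    and s.get("namespace") == namespace and grants(rules, WRITE)):
                writers.add(ident)
    return sorted((r, w) for r in readers for w in writers if r != w)

NS = "amq-operator-ns"  # hypothetical operator namespace
ROLES = {  # keyed by (kind, namespace, name) -> rules
    ("ClusterRole", "", "operator-cluster-role"): [
        {"resources": ["*"], "verbs": ["create", "update", "patch", "delete"]}],
    ("Role", NS, "secret-viewer"): [{"resources": ["secrets"], "verbs": ["get", "list"]}],
    ("Role", "other-ns", "secret-viewer"): [{"resources": ["secrets"], "verbs": ["get"]}],
}
BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "operator-crb"},
     "roleRef": {"kind": "ClusterRole", "name": "operator-cluster-role"},
     "subjects": [{"kind": "ServiceAccount", "namespace": NS, "name": "operator-sa"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-view", "namespace": NS},
     "roleRef": {"kind": "Role", "name": "secret-viewer"},
     "subjects": [{"kind": "User", "name": "dev-user"}]},
    {"kind": "RoleBinding", "metadata": {"name": "other-view", "namespace": "other-ns"},
     "roleRef": {"kind": "Role", "name": "secret-viewer"},
     "subjects": [{"kind": "User", "name": "other-user"}]},
]

if __name__ == "__main__":
    for reader, writer in escalation_paths(NS, ROLES, BINDINGS):
        print(f"{reader} can read secrets in {NS}; {writer} has cluster-wide write")
```

The rule matching ignores `apiGroups` and `resourceNames` for brevity, so treat a reported pair as a lead to confirm against the live cluster rather than a final verdict.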


Remediation

Install updates from the vendor's website.
