CVE-2022-2403

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-497
View all →

Vulnerability Description

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.

Related Vulnerabilities

CVE-2021-0291

MEDIUM
CVSS:6.5(Medium)

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthen...

CWE-4972021

CVE-2022-4968

MEDIUM
CVSS:6.5(Medium)

netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.

CWE-4972022

CVE-2023-20111

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due t...

CWE-4972023

CVE-2023-23472

MEDIUM
CVSS:6.5(Medium)

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

CWE-4972023

CVE-2023-4605

MEDIUM
CVSS:6.5(Medium)

A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.

CWE-4972023

CVE-2023-50959

MEDIUM
CVSS:6.5(Medium)

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more...

CWE-4972023