Red Hat Authorino Denial-of-Service Vulnerability in Connectivity Link

Vulnerability

A denial-of-service vulnerability has been identified in the Authorino service of Red Hat Connectivity Link, which is responsible for zero trust API security. The issue arises because an attacker with developer persona access can overload the system by adding a large number of post-authorization callback actions. Since the authorization policy is managed by a single instance of Authorino, this overload causes a denial-of-service condition while the service processes these callbacks.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition in the Authorino service, causing it to become unresponsive or slow while processing overloaded post-authorization callbacks.
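A defensive check for the condition described above, as an added example that is not part of the original advisory or of Authorino's own code: it reads JSON in the shape produced by `kubectl get authconfigs -A -o json` and lists AuthConfig objects whose number of callbacks exceeds a review threshold. The `spec.callbacks` layout (a map in newer API versions, a list in v1beta1), the threshold of 10, and all sample objects and URLs are assumptions constructed for illustration.

```python
import json

# Assumed review threshold; the advisory gives no number.
MAX_CALLBACKS = 10

def callback_count(obj):
    """Number of callbacks declared in one AuthConfig object."""
    callbacks = (obj.get("spec") or {}).get("callbacks")
    # Assumption: a map of named callbacks in newer API versions, a list in v1beta1.
    return len(callbacks) if isinstance(callbacks, (dict, list)) else 0

def audit(doc, limit=MAX_CALLBACKS):
    """Return (namespace, name, count) for AuthConfigs above limit, largest first."""
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "AuthConfig":
            continue
        count = callback_count(obj)
        if count > limit:
            meta = obj.get("metadata", {})
            findings.append((meta.get("namespace", ""), meta.get("name", ""), count))
    return sorted(findings, key=lambda f: f[2], reverse=True)

def _authconfig(namespace, name, callbacks):
    """Build a constructed AuthConfig object for the sample below."""
    obj = {"kind": "AuthConfig", "metadata": {"namespace": namespace, "name": name}, "spec": {}}
    if callbacks is not None:
        obj["spec"]["callbacks"] = callbacks
    return obj

def _http(i):
    """Constructed HTTP callback pointing at a placeholder endpoint."""
    return {"http": {"url": f"http://telemetry.example.internal/hook/{i}"}}

# Constructed sample standing in for `kubectl get authconfigs -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    _authconfig("payments", "api", {"audit": _http(0), "metrics": _http(1)}),
    _authconfig("dev-team", "bulk-callbacks", {f"cb-{i}": _http(i) for i in range(500)}),
    _authconfig("legacy", "old-api", [dict(name=f"cb-{i}", **_http(i)) for i in range(12)]),
    _authconfig("public", "no-callbacks", None),
]}

if __name__ == "__main__":
    # Round-trip through JSON text, as the kubectl output would arrive.
    for ns, name, count in audit(json.loads(json.dumps(SAMPLE))):
        print(f"{ns}/{name}: {count} callbacks (limit {MAX_CALLBACKS})")
```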

Added: Jun 9, 2025, 6:26 AM
Updated: Jun 9, 2025, 6:26 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.