Red Hat Connectivity Link AuthPolicy Metadata Secrets Leakage Vulnerability

Vulnerability

A vulnerability exists in the AuthPolicy metadata on Red Hat Connectivity Link, where an object intended to store secrets incorrectly assumes those secrets are already in the kuadrant-system namespace. A malicious actor with a developer persona can use this flaw to leak secrets over an HTTP connection, provided they know the names of the targeted secrets and each secret is limited to a single line. The result is unauthorized exfiltration of secrets from the kuadrant-system namespace, which by default does not contain highly sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized leakage of secrets from the kuadrant-system namespace, potentially exposing sensitive information.
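
To gauge exposure, a defender can inventory which secrets in the kuadrant-system namespace meet the single-line condition described above. The following is an added example, not code from Red Hat or the Kuadrant project: it reads JSON saved from `kubectl get secrets -n kuadrant-system -o json` and reports key names only. The sample data and the reading of "single line" (no line break apart from one trailing newline) are assumptions.

```python
import base64
import json
import sys

NAMESPACE = "kuadrant-system"  # namespace named in the advisory


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample in the shape of a Kubernetes Secret list; names and values are made up.
SAMPLE = {"items": [
    {"metadata": {"name": "example-api-key", "namespace": NAMESPACE},
     "data": {"api_key": _b64("constructed-token-value\n")}},
    {"metadata": {"name": "example-mixed", "namespace": NAMESPACE},
     "data": {"bundle": _b64("line one\nline two\n"), "passphrase": _b64("constructed")}},
    {"metadata": {"name": "example-other", "namespace": "default"},
     "data": {"token": _b64("constructed")}},
]}


def is_single_line(raw):
    # Assumption: "single line" = non-empty, no line break except one trailing newline.
    for ending in (b"\r\n", b"\n"):
        if raw.endswith(ending):
            raw = raw[:-len(ending)]
            break
    return bool(raw) and b"\n" not in raw and b"\r" not in raw


def exposed_keys(secret_list):
    """Return {secret name: [keys with single-line values]} for NAMESPACE only."""
    report = {}
    for item in secret_list.get("items", []):
        meta = item.get("metadata", {})
        if meta.get("namespace") != NAMESPACE:
            continue
        keys = sorted(k for k, v in (item.get("data") or {}).items()
                      if is_single_line(base64.b64decode(v)))
        if keys:
            report[meta.get("name", "<unnamed>")] = keys
    return report


if __name__ == "__main__":
    # Pass a saved JSON file as argv[1]; with no argument the constructed sample is used.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, keys in sorted(exposed_keys(doc).items()):
        print(f"{NAMESPACE}/{name}: {', '.join(keys)}")  # names only, never values
```

Secrets listed by this check are the ones to review and rotate first if leakage is suspected.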

Added: Jun 9, 2025, 6:21 AM
Updated: Jun 9, 2025, 6:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.