Red Hat Advanced Cluster Management Confidential Credential Exposure Vulnerability

Vulnerability

A vulnerability exists in Red Hat Advanced Cluster Management (ACM) versions 2.10 prior to 2.10.7, 2.11 prior to 2.11.4, and 2.12 prior to 2.12.4. This flaw allows unprivileged users to access sensitive managed cluster credentials through the user interface. Such information should only be available to authorized users. The exposure of these credentials could lead to unauthorized access to administrative data, potentially allowing it to be disclosed to unauthorized individuals.

Impact

This vulnerability could result in the unauthorized disclosure of confidential managed cluster credentials, allowing unauthorized users to access sensitive administrative information.

Reproduction

Users with the 'ClusterReader' role in Red Hat Advanced Cluster Management can view credentials from managed clusters through the user interface.

Remediation

Users can upgrade to Red Hat Advanced Cluster Management version 2.13, which addresses this vulnerability.
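
To triage a fleet of ACM hubs against the version ranges listed above, the following added example (not Red Hat's code and not part of the original advisory) classifies version strings as affected, fixed or unknown. The hub names and the sample inventory are constructed, and treating streams later than 2.13 as fixed is an assumption.

```python
import re

# Affected streams as listed in this advisory: (major, minor) -> first fixed patch.
FIXED_PATCH = {(2, 10): 7, (2, 11): 4, (2, 12): 4}
# Release the advisory names as addressing the flaw. Treating later streams
# as fixed is an assumption of this example.
REMEDIATED_STREAM = (2, 13)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([-+].*)?$")


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for an ACM version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # unparseable input is reviewed by hand, never assumed safe
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    prerelease = (m.group(4) or "").startswith("-")
    stream = (major, minor)
    if stream in FIXED_PATCH:
        fixed = FIXED_PATCH[stream]
        if patch < fixed:
            return "affected"
        # A pre-release build of the first fixed patch may predate the fix.
        if patch == fixed and prerelease:
            return "unknown"
        return "fixed"
    if stream >= REMEDIATED_STREAM:
        return "fixed"
    return "unknown"  # streams before 2.10 are not covered by the advisory


def triage(inventory):
    """Map hub name -> status for every hub that is not confirmed fixed."""
    results = {hub: classify(ver) for hub, ver in inventory.items()}
    return {hub: s for hub, s in sorted(results.items()) if s != "fixed"}


if __name__ == "__main__":
    # Constructed inventory: hub names and versions are illustrative only.
    sample = {"hub-a": "2.10.6", "hub-b": "v2.11.4", "hub-c": "2.12.4-rc1",
              "hub-d": "2.13.0", "hub-e": "2.9.2"}
    for hub, status in triage(sample).items():
        print(f"{hub}: {status}")
```

Hubs reported as unknown fall outside the ranges this advisory lists or could not be parsed, so they need a manual check rather than being counted as safe.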

Added: Jul 2, 2025, 7:16 AM
Updated: Jul 2, 2025, 7:16 AM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 2.5
exploitability: 5.6
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.