cvedb.io
CVE-2022-3841
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2023-01-13T06:15:11.277 · Last modified 2026-06-17T05:00:24.743

Summary

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint of Red Hat Advanced Cluster Management for Kubernetes (RHACM). Because the console API endpoint is missing an authentication check, unauthenticated users can make requests to it, and an attacker could take advantage of this.

Affected products

redhat — advanced_cluster_management_for_kubernetes

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.