Skip to main content

Exposure of Resource to Wrong Sphere


Severity High
Score 8.8/10


A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. In StackRox versions prior to 3.68.2-rc.8, 3.69.x prior to 3.69.2-rc.6 and 3.70.x prior to 3.70.1-rc.1 notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Advisory Timeline

  • Published