CVEFinder.io

CVE-2022-2238

🔶 medium
Summary

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

CVSS Score
6.5
Medium
EPSS Score
0.7
Exploit Probability
Published Date
2022-09-01
First Seen: 2026-01-05
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-89

🔗 References 4

https://access.redhat.com/security/cve/CVE-2022-2238
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2101669
Issue Tracking Vendor Advisory
https://access.redhat.com/security/cve/CVE-2022-2238
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2101669
Issue Tracking Vendor Advisory

📦 Affected Products 1

Vendor Product Status Affected Versions
redhat advanced_cluster_management_for_kubernetes Affected
v2.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14874 ⚠️ high 7.5 0.1 A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header t... 2025-12-18
CVE-2025-6017 🔶 medium 5.5 0.0 A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2... 2025-07-02
CVE-2023-44487 ⚠️ high 7.5 94.4 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many... 2023-10-10
CVE-2022-3248 🔶 medium 4.4 0.1 A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow ... 2023-10-05
CVE-2023-3027 ⚠️ high 7.8 0.0 The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain so... 2023-06-05
CVE-2022-3841 ⚠️ high 7.8 0.1 RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the... 2023-01-13
These CVEs affect the same products