CVE-2022-3841

⚠️ high

Summary

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests.

CVSS Score

7.8

High

EPSS Score

0.1

Exploit Probability

Published Date

2023-01-13

First Seen: 2026-01-05

Last Modified 2025-04-09

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-918

🔗 References 2

https://access.redhat.com/security/cve/CVE-2022-3841

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2022-3841

Vendor Advisory

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
redhat	advanced_cluster_management_for_kubernetes	Affected	v2.0

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-14874	⚠️ high	7.5	0.1	A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header t...	2025-12-18
CVE-2025-6017	🔶 medium	5.5	0.0	A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2...	2025-07-02
CVE-2023-44487	⚠️ high	7.5	94.4	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many...	2023-10-10
CVE-2022-3248	🔶 medium	4.4	0.1	A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow ...	2023-10-05
CVE-2023-3027	⚠️ high	7.8	0.0	The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain so...	2023-06-05
CVE-2022-2238	🔶 medium	6.5	0.7	A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query...	2022-09-01

These CVEs affect the same products