RedHat: RHSA-2022-5132:01 Important: RHACS 3.68 security update
Summary
Release of RHACS 3.68.2
Security Fix(es):
* stackrox: Improper sanitization allows users to retrieve Notifier secrets
from GraphQL API in plaintext (CVE-2022-1902)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
If you are using the RHACS 3.68.1, you are advised to upgrade to patch
release 3.68.2.
References
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3672 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-23222 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1902 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#important
Package List
Topic
Updated images are now available for Red Hat Advanced Cluster Security forKubernetes (RHACS). The updated image includes bug and security fixes.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2090957 - CVE-2022-1902 stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext
5. JIRA issues fixed (https://issues.redhat.com/):
ROX-11391 - Release RHACS 3.68.2
ROX-9657 - Patch supported RHACS images previous to 3.69.0 release to fix RHSA-2022:0658