CVE-2022-1833

N/A

A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.

N/A

缺省权限不正确

Red Hat AMQ Broker 权限许可和访问控制问题漏洞

Red Hat AMQ Broker是美国红帽（Red Hat）公司的一个纯 Java 多协议消息代理。它建立在高效的异步核心之上，具有用于消息持久性的快速本机日志和用于高可用性的无共享状态复制选项。 Red Hat AMQ Broker Operator 7.9.4 存在权限许可和访问控制问题漏洞，该漏洞源于集群范围的编辑权限设置存在问题，攻击者利用该漏洞可以拥有完整的集群管理访问权限。

N/A

N/A