CVE-2025-6017

Medium CVSS: 5.5

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

Vendor

Redhat

Product

Advanced Cluster Management For Kubernetes

CWE

CWE-359

Yayın Tarihi

2025-07-02 07:15:23

Güncelleme

2025-08-20 16:33:58

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-359 Advanced Cluster Management For Kubernetes MEDIUM Redhat 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-6017 https://bugzilla.redhat.com/show_bug.cgi?id=2372362

Benzer Kayıtlar

High

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more…

High

CVE-2026-28368

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where…

Medium

CVE-2026-3121

A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi…

Medium

CVE-2026-3190

A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to…

Low

CVE-2026-4874

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating t…

Low

CVE-2026-4633

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login…