
    8 vulnerabilities found for Red Hat Connectivity Link 1 by Red Hat

    CVE-2025-25209 (GCVE-0-2025-25209)

    Vulnerability from nvd – Published: 2025-06-09 06:13 – Updated: 2026-03-26 21:27
    Title
    Rhcl: sharedsecretref can be used to leak secrets severity
    Summary
    The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets; however, it assumes those secrets are already in the kuadrant-system namespace instead of copying them to the referenced namespace. This creates room for a malicious actor with developer-persona access to leak those secrets over an HTTP connection, as long as the attacker knows the name of the targeted secrets and those secrets are limited to a single line.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-25209 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2347438 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 1.0.1 (semver)
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Date Public
    2025-02-24 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25209",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T13:23:18.884257Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T13:23:23.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link",
              "defaultStatus": "unknown",
              "packageName": "rhcl-operator-container",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:27:38.196Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-25209"
            },
            {
              "name": "RHBZ#2347438",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347438"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T23:40:29.388Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhcl: sharedsecretref can be used to leak secrets severity",
          "workarounds": [
            {
              "lang": "en",
              "value": "There\u0027s no known mitigation for this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-25209",
        "datePublished": "2025-06-09T06:13:56.342Z",
        "dateReserved": "2025-02-03T20:02:01.750Z",
        "dateUpdated": "2026-03-26T21:27:38.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25208 (GCVE-0-2025-25208)

    Vulnerability from nvd – Published: 2025-06-09 06:13 – Updated: 2026-03-26 21:27
    Title
    Rhcl: authorino denial of service through authpolicy with sharedsecretref severity
    Summary
    A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-25208 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2347436 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 1.0.1 (semver)
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Date Public
    2025-02-24 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T18:08:24.170293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T18:08:33.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link",
              "defaultStatus": "unknown",
              "packageName": "rhcl-operator-container",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:27:40.550Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-25208"
            },
            {
              "name": "RHBZ#2347436",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T23:33:58.746Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-25208",
        "datePublished": "2025-06-09T06:13:03.864Z",
        "dateReserved": "2025-02-03T20:02:01.750Z",
        "dateUpdated": "2026-03-26T21:27:40.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25207 (GCVE-0-2025-25207)

    Vulnerability from nvd – Published: 2025-06-09 06:12 – Updated: 2026-03-26 21:27
    Title
    Rhcl: authpolicy callbacks result in denial of service in authorino severity
    Summary
    The Authorino service in Red Hat Connectivity Link is the authorization service for zero-trust API security. Authorino allows users with the developer persona to add callbacks to HTTP endpoints that are executed once the authorization process is completed. It was found that an attacker with developer-persona access can add a large number of those callbacks to be executed by Authorino, and because the authentication policy is enforced by a single instance of the service, this leads to a denial of service in Authorino while it processes the post-authorization callbacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-25207 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2347421 issue-tracking, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 1.0.1 (semver)
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Date Public
    2025-02-24 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T18:09:27.183095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T18:11:15.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link",
              "defaultStatus": "unknown",
              "packageName": "rhcl-operator-container",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:27:41.432Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-25207"
            },
            {
              "name": "RHBZ#2347421",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347421"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T22:53:00.778Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhcl: authpolicy callbacks result in denial of service in authorino severity",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-25207",
        "datePublished": "2025-06-09T06:12:51.416Z",
        "dateReserved": "2025-02-03T20:02:01.750Z",
        "dateUpdated": "2026-03-26T21:27:41.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12401 (GCVE-0-2024-12401)

    Vulnerability from nvd – Published: 2024-12-12 09:06 – Updated: 2026-06-26 04:27
    Title
    Cert-manager: potential dos when parsing specially crafted pem inputs
    Summary
    A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Affected: from 0 up to and including 1.12.14 (semver)
    Affected: from 1.13.0-alpha.0 up to and including 1.15.4 (semver)
    Affected: from 1.16.0-alpha.0 up to and including 1.16.2 (semver)
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Red Hat Cryostat 3     cpe:/a:redhat:cryostat:3
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Date Public
    2024-11-21 19:52

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-12T15:21:20.829376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-12T15:44:58.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/cert-manager/cert-manager",
              "defaultStatus": "unaffected",
              "packageName": "cert-manager",
              "versions": [
                {
                  "lessThanOrEqual": "1.12.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.15.4",
                  "status": "affected",
                  "version": "1.13.0-alpha.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.16.2",
                  "status": "affected",
                  "version": "1.16.0-alpha.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-acmesolver-rhel9",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager-operator-bundle-container",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager-operator-container",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cryostat:3"
              ],
              "defaultStatus": "affected",
              "packageName": "cryostat-tech-preview/cryostat-rhel8-operator",
              "product": "Cryostat 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "affected",
              "packageName": "multicluster-engine/assisted-service-8-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "affected",
              "packageName": "multicluster-engine/assisted-service-9-rhel9",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-activator-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-autoscaler-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-controller-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-queue-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-webhook-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-bundle-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-api-server-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-contour-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel8-operator",
              "product": "Red Hat Openshift Data Foundation 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-rhel8-operator",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-11-21T19:52:52.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T04:27:26.590Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12401"
            },
            {
              "name": "RHBZ#2327929",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327929"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7400"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7401"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7402"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7403"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4"
            },
            {
              "url": "https://go.dev/issue/50116"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-21T23:00:43.367Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-21T19:52:52.000Z",
              "value": "Made public."
            }
          ],
          "title": "Cert-manager: potential dos when parsing specially crafted pem inputs",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12401",
        "datePublished": "2024-12-12T09:06:03.612Z",
        "dateReserved": "2024-12-10T13:30:10.806Z",
        "dateUpdated": "2026-06-26T04:27:26.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25209 (GCVE-0-2025-25209)

    Vulnerability from cvelistv5 – Published: 2025-06-09 06:13 – Updated: 2026-03-26 21:27
    Title
    Rhcl: sharedsecretref can be used to leak secrets severity
    Summary
    The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets; however, it assumes those secrets are already in the kuadrant-system namespace instead of copying them to the referenced namespace. This creates space for a malicious actor with developer persona access to leak those secrets over an HTTP connection, as long as the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-25209 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2347438 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 1.0.1 (semver)
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Date Public
    2025-02-24 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25209",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T13:23:18.884257Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T13:23:23.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link",
              "defaultStatus": "unknown",
              "packageName": "rhcl-operator-container",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets; however, it assumes those secrets are already in the kuadrant-system namespace instead of copying them to the referenced namespace. This creates space for a malicious actor with developer persona access to leak those secrets over an HTTP connection, as long as the attacker knows the name of the targeted secrets and those secrets are limited to one line only."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:27:38.196Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-25209"
            },
            {
              "name": "RHBZ#2347438",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347438"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T23:40:29.388Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhcl: sharedsecretref can be used to leak secrets severity",
          "workarounds": [
            {
              "lang": "en",
              "value": "There\u0027s no known mitigation for this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-25209",
        "datePublished": "2025-06-09T06:13:56.342Z",
        "dateReserved": "2025-02-03T20:02:01.750Z",
        "dateUpdated": "2026-03-26T21:27:38.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25208 (GCVE-0-2025-25208)

    Vulnerability from cvelistv5 – Published: 2025-06-09 06:13 – Updated: 2026-03-26 21:27
    Title
    Rhcl: authorino denial of service through authpolicy with sharedsecretref severity
    Summary
    A user with the Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-25208 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2347436 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 1.0.1 (semver)
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Date Public
    2025-02-24 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T18:08:24.170293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T18:08:33.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link",
              "defaultStatus": "unknown",
              "packageName": "rhcl-operator-container",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user with the Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:27:40.550Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-25208"
            },
            {
              "name": "RHBZ#2347436",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347436"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T23:33:58.746Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhcl: authorino denial of service through authpolicy with sharedsecretref severity",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-25208",
        "datePublished": "2025-06-09T06:13:03.864Z",
        "dateReserved": "2025-02-03T20:02:01.750Z",
        "dateUpdated": "2026-03-26T21:27:40.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25207 (GCVE-0-2025-25207)

    Vulnerability from cvelistv5 – Published: 2025-06-09 06:12 – Updated: 2026-03-26 21:27
    Title
    Rhcl: authpolicy callbacks result in denial of service in authorino severity
    Summary
    The Authorino service in Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows users with the developer persona to add callbacks that are executed against HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino, and as the authentication policy is enforced by a single instance of the service, this leads to a denial of service in Authorino while processing the post-authorization callbacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2025-25207 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2347421 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 1.0.1 (semver)
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Date Public
    2025-02-24 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-09T18:09:27.183095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T18:11:15.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.redhat.com/pt-br/technologies/cloud-computing/connectivity-link",
              "defaultStatus": "unknown",
              "packageName": "rhcl-operator-container",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Authorino service in Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows users with the developer persona to add callbacks that are executed against HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino, and as the authentication policy is enforced by a single instance of the service, this leads to a denial of service in Authorino while processing the post-authorization callbacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T21:27:41.432Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-25207"
            },
            {
              "name": "RHBZ#2347421",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347421"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T22:53:00.778Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhcl: authpolicy callbacks result in denial of service in authorino severity",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-25207",
        "datePublished": "2025-06-09T06:12:51.416Z",
        "dateReserved": "2025-02-03T20:02:01.750Z",
        "dateUpdated": "2026-03-26T21:27:41.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12401 (GCVE-0-2024-12401)

    Vulnerability from cvelistv5 – Published: 2024-12-12 09:06 – Updated: 2026-06-26 04:27
    Title
    Cert-manager: potential dos when parsing specially crafted pem inputs
    Summary
    A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 1.12.14 (semver)
    Affected: 1.13.0-alpha.0 , ≤ 1.15.4 (semver)
    Affected: 1.16.0-alpha.0 , ≤ 1.16.2 (semver)
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Red Hat Cryostat 3     cpe:/a:redhat:cryostat:3
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Date Public
    2024-11-21 19:52

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-12T15:21:20.829376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-12T15:44:58.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/cert-manager/cert-manager",
              "defaultStatus": "unaffected",
              "packageName": "cert-manager",
              "versions": [
                {
                  "lessThanOrEqual": "1.12.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.15.4",
                  "status": "affected",
                  "version": "1.13.0-alpha.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.16.2",
                  "status": "affected",
                  "version": "1.16.0-alpha.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-acmesolver-rhel9",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager/jetstack-cert-manager-rhel9",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager-operator-bundle-container",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:cert_manager:1"
              ],
              "defaultStatus": "affected",
              "packageName": "cert-manager-operator-container",
              "product": "cert-manager Operator for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cryostat:3"
              ],
              "defaultStatus": "affected",
              "packageName": "cryostat-tech-preview/cryostat-rhel8-operator",
              "product": "Cryostat 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "affected",
              "packageName": "multicluster-engine/assisted-service-8-rhel8",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:multicluster_engine"
              ],
              "defaultStatus": "affected",
              "packageName": "multicluster-engine/assisted-service-9-rhel9",
              "product": "Multicluster Engine for Kubernetes",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-activator-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-autoscaler-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-controller-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-queue-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-serverless-1/serving-webhook-rhel8",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-bundle-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:connectivity_link:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcl-operator-container",
              "product": "Red Hat Connectivity Link 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-agent-installer-api-server-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift4/ose-contour-rhel8",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/rook-ceph-rhel8-operator",
              "product": "Red Hat Openshift Data Foundation 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-rhel8-operator",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-11-21T19:52:52.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T04:27:26.590Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12401"
            },
            {
              "name": "RHBZ#2327929",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327929"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7400"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7401"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7402"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/pull/7403"
            },
            {
              "url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4"
            },
            {
              "url": "https://go.dev/issue/50116"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-21T23:00:43.367Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-21T19:52:52.000Z",
              "value": "Made public."
            }
          ],
          "title": "Cert-manager: potential dos when parsing specially crafted pem inputs",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12401",
        "datePublished": "2024-12-12T09:06:03.612Z",
        "dateReserved": "2024-12-10T13:30:10.806Z",
        "dateUpdated": "2026-06-26T04:27:26.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }