Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Red Hat Developer Hub 1.7 by Red Hat

    CVE-2025-5417 (GCVE-0-2025-5417)

    Vulnerability from nvd – Published: 2025-08-19 04:28 – Updated: 2025-12-19 21:53
    VLAI
    Title
    Rhdh: red hat developer hub user permissions
    Summary
    An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container image and modify the image's content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:14090 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-5417 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2369602 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Developer Hub Affected: 0 , < 1.7.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.7 Unaffected: sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c , < * (rpm)
        cpe:/a:redhat:rhdh:1.7::el9
    Create a notification for this product.
    Date Public
    2025-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-19T19:21:17.678963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-19T19:21:23.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/redhat-developer/rhdh",
              "defaultStatus": "unaffected",
              "packageName": "rhdh",
              "product": "Red Hat Developer Hub",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.7::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An insufficient access control vulnerability was found in the Red Hat\nDeveloper Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the\nrhdh/rhdh-hub-rhel9 container image and modify the image\u0027s content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T21:53:15.616Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:14090",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14090"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5417"
            },
            {
              "name": "RHBZ#2369602",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369602"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-31T22:35:41.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhdh: red hat developer hub user permissions",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat Developer Hub 1.5 contains mitigation guidelines present at https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.5/html/configuring_red_hat_developer_hub/readonlyrootfilesystem"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5417",
        "datePublished": "2025-08-19T04:28:08.316Z",
        "dateReserved": "2025-05-31T22:36:52.134Z",
        "dateUpdated": "2025-12-19T21:53:15.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5417 (GCVE-0-2025-5417)

    Vulnerability from cvelistv5 – Published: 2025-08-19 04:28 – Updated: 2025-12-19 21:53
    VLAI
    Title
    Rhdh: red hat developer hub user permissions
    Summary
    An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container image and modify the image's content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:14090 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-5417 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2369602 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Developer Hub Affected: 0 , < 1.7.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.7 Unaffected: sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c , < * (rpm)
        cpe:/a:redhat:rhdh:1.7::el9
    Create a notification for this product.
    Date Public
    2025-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-19T19:21:17.678963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-19T19:21:23.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/redhat-developer/rhdh",
              "defaultStatus": "unaffected",
              "packageName": "rhdh",
              "product": "Red Hat Developer Hub",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.7::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "sha256:aa3c5b50c65aee51b932fafcbf479ce54f15496cffc2744860bd9e135cce815c",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "datePublic": "2025-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An insufficient access control vulnerability was found in the Red Hat\nDeveloper Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the\nrhdh/rhdh-hub-rhel9 container image and modify the image\u0027s content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T21:53:15.616Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:14090",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:14090"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5417"
            },
            {
              "name": "RHBZ#2369602",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369602"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-31T22:35:41.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhdh: red hat developer hub user permissions",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat Developer Hub 1.5 contains mitigation guidelines present at https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.5/html/configuring_red_hat_developer_hub/readonlyrootfilesystem"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5417",
        "datePublished": "2025-08-19T04:28:08.316Z",
        "dateReserved": "2025-05-31T22:36:52.134Z",
        "dateUpdated": "2025-12-19T21:53:15.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }