Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
Red Hat AMQ Broker 权限许可和访问控制问题漏洞
Vulnerability Description
Red Hat AMQ Broker是美国红帽(Red Hat)公司的一个纯 Java 多协议消息代理。它建立在高效的异步核心之上,具有用于消息持久性的快速本机日志和用于高可用性的无共享状态复制选项。 Red Hat AMQ Broker Operator 7.9.4 存在权限许可和访问控制问题漏洞,该漏洞源于集群范围的编辑权限设置存在问题,攻击者利用该漏洞可以拥有完整的集群管理访问权限。
CVSS Information
N/A
Vulnerability Type
N/A