CVE-2025-2241
Title (es)
CVE-2025-2241
Mon, 17/03/2025 – 17:15
Type
CWE-922
Severity 2.0 (text)
Pending analysis
Title (en)
CVE-2025-2241
Description (en)
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.
17/03/2025
17/03/2025
CVSS 3.1 vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Severity 3.1 (CVSS 3.1 Base Score)
8.20
Severity 3.1 (text)
HIGH
References
https://access.redhat.com/security/cve/CVE-2025-2241
https://bugzilla.redhat.com/show_bug.cgi?id=2351350
