CVE-2025-6017

{"id": "CVE-2025-6017", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-02T07:15:23.293", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-6017", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372362", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-359"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Red Hat Advanced Cluster Management en las versiones 2.10 (anteriores a la 2.10.7), 2.11 (anteriores a la 2.11.4) y 2.12 (anteriores a la 2.12.4). Esta vulnerabilidad permite a un usuario sin privilegios acceder a las credenciales confidenciales del cl\u00faster administrado a trav\u00e9s de la interfaz de usuario. Esta informaci\u00f3n solo deber\u00eda ser accesible para usuarios autorizados y puede provocar la p\u00e9rdida de confidencialidad de la informaci\u00f3n administrativa, que podr\u00eda filtrarse a usuarios no autorizados."}], "lastModified": "2025-08-20T16:33:58.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344CF216-2E92-488D-A2A7-46AB75008880", "versionEndExcluding": "2.10.7", "versionStartIncluding": "2.10"}, {"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B150B262-DB86-41D1-90D5-55E5C3C64B37", "versionEndExcluding": "2.11.4", "versionStartIncluding": "2.11"}, {"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25378F99-5C58-4CEF-ABC4-0D61842CA8BA", "versionEndExcluding": "2.12.4", "versionStartIncluding": "2.12"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}