{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-6017","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-06-11T21:09:21.420Z","datePublished":"2025-07-02T06:36:47.171Z","dateUpdated":"2025-11-20T21:07:40.898Z"},"containers":{"cna":{"title":"Rhacm: users with clusterreader role can see credentials from managed-clusters","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"0.16.0","versionType":"semver"}],"packageName":"ocm","collectionURL":"https://github.com/open-cluster-management-io/ocm","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/console-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-6017","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372362","name":"RHBZ#2372362","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2025-07-02T06:33:03.003Z","problemTypes":[{"descriptions":[{"cweId":"CWE-359","description":"Exposure of Private Personal Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-359: Exposure of Private Personal Information to an Unauthorized Actor","timeline":[{"lang":"en","time":"2025-06-11T21:09:13.313Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-07-02T06:33:03.003Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2025-11-20T21:07:40.898Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-02T13:13:28.618310Z","id":"CVE-2025-6017","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-02T13:13:39.278Z"}}]}}