VYPR

Assisted Service

by Openshift

Source repositories

CVEs (2)

  • CVE-2026-10101MedMay 29, 2026
    risk 0.41cvss 6.3epss 0.00

    ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover…

  • CVE-2026-7163MedApr 30, 2026
    risk 0.40cvss 6.1epss 0.00

    A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters…