Red Hat Connectivity Link

By the Year

In 2026 there have been 0 vulnerabilities in Red Hat Connectivity Link. Last year, in 2025, Connectivity Link had 3 security vulnerabilities published. Right now, Connectivity Link is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 3 5.70
2024 1 4.40

It may take a day or so for new Connectivity Link vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Connectivity Link Security Vulnerabilities

Authorino DoS from Excessive Post-Auth Callbacks
CVE-2025-25207 5.7 - Medium - June 09, 2025

The Authorino service in Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows users with the developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino, and as the authentication policy is enforced by a single instance of the service, this leads to a Denial of Service in Authorino while processing the post-authorization callbacks.

Allocation of Resources Without Limits or Throttling

Authorino Service DoS via Developer Persona - CVE-2025-25208
CVE-2025-25208 5.7 - Medium - June 09, 2025

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster.

Resource Exhaustion

Red Hat Connectivity Link AuthPolicy Exposes Secrets via HTTP (CVE-2025-25209)
CVE-2025-25209 5.7 - Medium - June 09, 2025

The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets; however, it assumes those secrets are already in the kuadrant-system instead of copying them to the referred namespace. This creates space for a malicious actor with developer persona access to leak those secrets over an HTTP connection, as long as the attacker knows the name of the targeted secrets and those secrets are limited to one line only.

Information Disclosure

cert-manager: Denial of Service via Malicious PEM Data
CVE-2024-12401 4.4 - Medium - December 12, 2024

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.

Improper Input Validation
