Red Hat Security Advisory: ACS 4.3 enhancement and security update
Red Hat Advanced Cluster Security for Kubernetes (RHACS) version 4. 3. 5 addresses two SQL Injection vulnerabilities in the pgx component, identified as CVE-2024-27304 and CVE-2024-27289. These vulnerabilities involve SQL Injection via Protocol Message Size Overflow and Line Comment Creation, respectively. The update also fixes a bug causing the Central component to crash during upgrades from previous versions. Red Hat rates the security impact as moderate and recommends upgrading to RHACS 4. 3. 5 to mitigate these issues.
AI Analysis
Technical Summary
This advisory covers two SQL Injection vulnerabilities in the pgx component of Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4.3. The first vulnerability (CVE-2024-27304) involves SQL Injection through a Protocol Message Size Overflow, and the second (CVE-2024-27289) involves SQL Injection via Line Comment Creation. Both vulnerabilities could allow an attacker to manipulate SQL queries. The RHACS 4.3.5 release includes fixes for these vulnerabilities and a bug fix preventing the Central component from entering a crash loop during upgrades. The update is rated as having a moderate security impact by Red Hat Product Security.
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to perform SQL Injection attacks against the pgx component within RHACS 4.3, potentially leading to unauthorized data access or manipulation within the affected database component. The advisory does not report any known exploits in the wild. The overall security impact is rated as moderate by Red Hat.
Mitigation Recommendations
Red Hat advises users running versions of RHACS 4.3 prior to 4.3.5 to upgrade to the 4.3.5 release, which contains official fixes for both SQL Injection vulnerabilities and the upgrade-related crash loop bug. No additional mitigation steps are indicated or required beyond applying the update.
Red Hat Security Advisory: ACS 4.3 enhancement and security update
Description
Red Hat Advanced Cluster Security for Kubernetes (RHACS) version 4. 3. 5 addresses two SQL Injection vulnerabilities in the pgx component, identified as CVE-2024-27304 and CVE-2024-27289. These vulnerabilities involve SQL Injection via Protocol Message Size Overflow and Line Comment Creation, respectively. The update also fixes a bug causing the Central component to crash during upgrades from previous versions. Red Hat rates the security impact as moderate and recommends upgrading to RHACS 4. 3. 5 to mitigate these issues.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two SQL Injection vulnerabilities in the pgx component of Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4.3. The first vulnerability (CVE-2024-27304) involves SQL Injection through a Protocol Message Size Overflow, and the second (CVE-2024-27289) involves SQL Injection via Line Comment Creation. Both vulnerabilities could allow an attacker to manipulate SQL queries. The RHACS 4.3.5 release includes fixes for these vulnerabilities and a bug fix preventing the Central component from entering a crash loop during upgrades. The update is rated as having a moderate security impact by Red Hat Product Security.
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to perform SQL Injection attacks against the pgx component within RHACS 4.3, potentially leading to unauthorized data access or manipulation within the affected database component. The advisory does not report any known exploits in the wild. The overall security impact is rated as moderate by Red Hat.
Mitigation Recommendations
Red Hat advises users running versions of RHACS 4.3 prior to 4.3.5 to upgrade to the 4.3.5 release, which contains official fixes for both SQL Injection vulnerabilities and the upgrade-related crash loop bug. No additional mitigation steps are indicated or required beyond applying the update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:1321
- Cve Count
- 2
- Additional Cves
- ["CVE-2024-27304"]
- Cvss Version
- null
Threat ID: 6a1f4e83e29bf47b5007d2f7
Added to database: 6/2/2026, 9:43:31 PM
Last enriched: 6/2/2026, 9:47:13 PM
Last updated: 6/3/2026, 4:58:46 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.