A race condition was found in the middleware logic that when exploited the user could bypass the authentication middleware. Using a load testing script hitting specific endpoints, an unauthenticated user could query successfully an administration endpoint under heavy load. This impacts only 9.2.0 and 9.2.1.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-39328