CVE-2023-5056 β€” Missing Authorization in Redhat Service Interconnect

CWE-862 β€” Missing Authorization3 documents3 sources
Severity
4.1MEDIUMNVD
CNA6.8
EPSS
0.1%
top 84.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Service Interconnect
Timeline
PublishedDec 18

Description

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages1 packages

πŸ”΄Vulnerability Details

1
CVEList
Skupper-operator: privelege escalation via config map↗2023-12-18
β–Ά

πŸ“‹Vendor Advisories

1
Red Hat
skupper-operator: privelege escalation via config map↗2023-10-26
β–Ά
CVE-2023-5056 β€” Missing Authorization in Redhat | cvebase