CVE-2024-36537 — Improper Access Control in Cert-manager

CWE-284 — Improper Access Control2 documents2 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 61.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cert-manager

Timeline

PublishedJul 24

Description

Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDcert-manager/cert-manager1.14.4

🔴Vulnerability Details

GHSA

GHSA-9cfq-668r-pxhc: Insecure permissions in cert-manager v1↗2024-07-24

▶