Severity: 4.9 MEDIUM (NVD)
EPSS: 0.2% (top 55.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 3; Latest update Dec 20

Description

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the `Name` and `Namespace` of the Secret, meaning that versions of the baremetal-operator prior to 0.8.0, 0.6.2, and 0.5.2 will read a `Secret` from any namespace. A user with access to create or edit a `BareMetalHost`

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages: 2 packages

Vulnerability Details (3)

OSV: The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator (2024-12-20)
GHSA: The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD (2024-09-03)
OSV: The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD (2024-09-03)

Vendor Advisories (1)

Red Hat: Bare Metal Operator: BMO can expose particularly named secrets from other namespaces via BMH CRD (2024-09-03)