Privilege Escalation in Kyma Due to Input Validation Flaw
CVE-2021-33708

7.6 HIGH

Key Information:

Vendor: SAP
Status
Vendor
CVE Published: 10 August 2021

Summary

A vulnerability in Kyma arises from insufficient input validation, which allows authenticated users to manipulate request headers. This can lead to privilege escalation, enabling unauthorized actions within the system. Users and administrators should be aware of this issue to safeguard their environments.

Affected Version(s)

Kyma <1.24

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
