Data Posting Vulnerability in Snyk Kubernetes Monitor
CVE-2023-1065

6.5MEDIUM

Key Information:

Vendor: Snyk
Status: Snyk Kubernetes Monitor
Vendor: CVE Published:; 28 February 2023

What is CVE-2023-1065?

This vulnerability in the Snyk Kubernetes Monitor allows an attacker to post irrelevant data to a Snyk Organization. While this doesn't directly compromise user security or leak data, it can obscure relevant security issues. To exploit this vulnerability, an attacker only requires knowledge of the target's Integration ID, but does not need to be authenticated to Snyk. This unpredictable UUID complicates the identification of the affected organization, potentially leading to confusion in security monitoring efforts.

Affected Version(s)

Snyk Kubernetes Monitor 0 < 2.0.0

References

https://github.com/snyk/kubernetes-monitor

https://github.com/snyk/kubernetes-monitor/commit/5b9a782...

https://snyk.io/blog/api-auth-vuln-snyk-kubernetes-cve-20...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Feb 27, 2023

Credit

Tesco CyberSecurity Team

CVE-2023-1065 Data

JSON