kubewarden: Excessive permissions for kubewarden-controller-manager-cluster-role
CVE-2023-22645

8.8HIGH

Key Information:

Vendor: Suse
Status: Kubewarden
Vendor: CVE Published:; 19 April 2023

Summary

An Improper Privilege Management vulnerability in SUSE KubeWarden allows unauthorized access to arbitrary secrets when attackers gain access to the ServiceAccount of the KubeWarden controller. This critical flaw affects versions of the KubeWarden controller prior to 1.6.0, potentially exposing sensitive data and undermining the security of applications relying on this controller.

Affected Version(s)

kubewarden kubewarden-controller < 1.6.0

References

https://bugzilla.suse.com/show_bug.cgi?id=1210218

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2023
Vulnerability Reserved
Jan 5, 2023

Credit

https://github.com/younaman