Privelege escalation via config map
CVE-2023-5056

4.1MEDIUM

Key Information:

Vendor
Red Hat
Status
skupper-operator
Service Interconnect 1 for RHEL 9
Vendor
CVE Published:
18 December 2023

Summary

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

References

https://access.redhat.com/errata/RHSA-2023:6219
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5056
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2239517
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.