← voltar
CVE-2023-5056

Skupper-operator: privelege escalation via config map

CVSS 6.8 MEDIUMEPSS 0.3%CWE-862
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
18 dez 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →