PT-2023-7534 · Unknown · Skupper Operator

Chess Hazlett

Publicado

2023-09-18

Atualizado

2023-12-29

CVE-2023-5056

CVSS v3.1

6.8

Média

Vetor

AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Skupper operator (affected versions not specified)

Description A flaw in the Skupper operator may allow an authenticated attacker in an adjacent cluster to view deployments in all namespaces, permitting unauthorized access to information outside of the user's purview. The issue is related to inadequate access control, which can be exploited to gain unauthorized access to protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-200

Identificadores relacionados

BDU:2023-08588

CVE-2023-5056

Produtos afetados

Skupper Operator

PT-2023-7534 · Unknown · Skupper Operator

CVE-2023-5056

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9