Richard Turnbull

**Name of the Vulnerable Software and Affected Versions** Kubernetes (affected versions not specified) **Description** The issue is related to insufficient access control in Kubernetes, allowing users authorized to list or watch one type of namespaced custom resource cluster-wide to read custom resources of a different type in the same API group without authorization. This affects clusters with 2+ CustomResourceDefinitions sharing the same API group, where users have cluster-wide list or watch authorization on one custom resource but not on another in the same API group. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.