CVE-2024-36537

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions cert-manager version 1.14.4

Description The issue is related to insecure permissions, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Recommendations For cert-manager version 1.14.4, update to a version that addresses the insecure permissions issue to prevent attackers from accessing sensitive data and escalating privileges.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BIT-CERT-MANAGER-2024-36537

CLEANSTART-2026-GZ35045

CLEANSTART-2026-OL32822

CVE-2024-36537

Affected Products

Cert-Manager

CVE-2024-36537

Weakness Enumeration

Related Identifiers

Affected Products

References · 90