CVE-2024-53349

Sažetak

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

Reference

https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383
https://github.com/Kuadrant/kuadrant-operator
https://www.cncf.io/projects/kuadrant/

CVSS

Base:	7.4
Impact:	5.2
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

01-04-2025 - 20:21

Objavljeno

21-03-2025 - 16:15