CVE-2023-5056: Skupper-operator: privelege escalation via config map
First published: Mon Sep 18 2023(Updated: )
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Redhat Service Interconnect | =1.0 | |
| Redhat Enterprise Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-5056
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/redhat service interconnect
- version/redhat service interconnect/1.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/9.0