CVE-2024-53349

EPSS 0.06%
Veröffentlicht 21.03.2025 00:00:00
Zuletzt bearbeitet 01.04.2025 20:21:31
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linuxfoundation ≫ Kuadrant Version <= 0.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.197

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/Kuadrant/kuadrant-operator

Product

https://www.cncf.io/projects/kuadrant/

Product

https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-53349

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-53349

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-53349

EUVD