exploitDog

GHSA-r5c2-7hp9-v678

Опубликовано: 26 янв. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups.

Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups.

Ссылки

EPSS

Процентиль: 53%

0.00299

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-732

Связанные уязвимости

CVE-2022-0270

CVSS3: 8.8

nvd

около 4 лет назад

Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups.

EPSS

Процентиль: 53%

0.00299

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-732