exploitDog

CVE-2021-38182

Опубликовано: 14 дек. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.

Ссылки

https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv
Third Party Advisory
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Not Applicable
https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv
Third Party Advisory
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kyma-project:kyma:*:*:*:*:*:*:*:*

Версия до 1.24.7 (исключая)

EPSS

Процентиль: 66%

0.00517

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

EPSS

Процентиль: 66%

0.00517

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20