exploitDog

CVE-2024-53349

Опубликовано: 21 мар. 2025

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

Ссылки

https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383
Third Party Advisory
https://github.com/Kuadrant/kuadrant-operator
Product
https://www.cncf.io/projects/kuadrant/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:kuadrant:*:*:*:*:*:*:*:*

Версия до 0.11.3 (включая)

EPSS

Процентиль: 23%

0.00078

Низкий

7.4 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-wm78-66mj-jh7h

CVSS3: 7.4

github

11 месяцев назад

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

EPSS

Процентиль: 23%

0.00078

Низкий

7.4 High

CVSS3

Дефекты

CWE-269