CVE-2025-47284

Опубликовано: 19 мая 2025

Источник: nvd

CVSS3: 9.9

EPSS Низкий

Описание

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

Ссылки

https://github.com/gardener/gardener/security/advisories/GHSA-9x73-87fh-54w9
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gardener:gardener:*:*:*:*:*:*:*:*

Версия до 1.116.4 (исключая)

cpe:2.3:a:gardener:gardener:*:*:*:*:*:*:*:*

Версия от 1.117.0 (включая) до 1.117.5 (исключая)

cpe:2.3:a:gardener:gardener:*:*:*:*:*:*:*:*

Версия от 1.118.0 (включая) до 1.118.2 (исключая)

EPSS

Процентиль: 23%

0.00075

Низкий

9.9 Critical

CVSS3

9.9 Critical

CVSS3

Дефекты

CWE-150

Связанные уязвимости

GHSA-9x73-87fh-54w9

CVSS3: 9.9

github

9 месяцев назад

Gardener allows metadata injection for a project secret which can lead to privilege escalation

EPSS

Процентиль: 23%

0.00075

Низкий

9.9 Critical

CVSS3

9.9 Critical

CVSS3

Дефекты

CWE-150