Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5056

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

Published

2023-12-18T14:15:10.133

Last Modified

2024-11-21T08:40:59.260

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	service_interconnect	1.0	Yes
Operating System	redhat	enterprise_linux	9.0	No

References

https://access.redhat.com/errata/RHSA-2023:6219 Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2023-5056 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2239517 Issue Tracking ([email protected])
https://access.redhat.com/errata/RHSA-2023:6219 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-5056 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2239517 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)