CVE-2023-5056 Vulnerability Details

  /     /     /  

CVE-2023-5056 Metadata Quick Info

CVE Published: 18/12/2023 | CVE Updated: 23/11/2024 | CVE Year: 2023
Source: redhat | Vendor: Red Hat | Product: Service Interconnect 1 for RHEL 9
Status : PUBLISHED

---

CVE-2023-5056 Description

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user\'s purview.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-862
CWE Name: Missing Authorization
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).