CVE-2023-5056
6.8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Service Interconnect 1 for RHEL 9 | 1.4.3-5 < * | unaffected |
| Red Hat | Service Interconnect 1 for RHEL 9 | 1.4.3-5 < * | unaffected |
| Red Hat | Service Interconnect 1 for RHEL 9 | 1.4.3-6 < * | unaffected |
| Red Hat | Service Interconnect 1 for RHEL 9 | 2.4.3-3 < * | unaffected |
| Red Hat | Service Interconnect 1 for RHEL 9 | 1.4.3-4 < * | unaffected |
| Red Hat | Service Interconnect 1 for RHEL 9 | 1.4.3-6 < * | unaffected |
Weaknesses
- CWE-862: Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:6219
- https://access.redhat.com/security/cve/CVE-2023-5056
- https://bugzilla.redhat.com/show_bug.cgi?id=2239517
References
- https://access.redhat.com/errata/RHSA-2023:6219
- https://access.redhat.com/security/cve/CVE-2023-5056
- https://bugzilla.redhat.com/show_bug.cgi?id=2239517
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.