CVE-2023-5056

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

Published: Dec 18, 2023
Updated: Dec 30, 2023
CVE: CVE-2023-5056
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.1
AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
redhat / service_interconnect	1.0	1.0.x

https://access.redhat.com/errata/RHSA-2023:6219
https://access.redhat.com/security/cve/CVE-2023-5056
https://bugzilla.redhat.com/show_bug.cgi?id=2239517

Vulnerability Database

289,598

CVE-2023-5056