Lucene search

[email protected]NVD:CVE-2024-36541

HistoryJul 24, 2024 - 4:15 p.m.

CVE-2024-36541

2024-07-2416:15:06

CWE-276

[email protected]

web.nvd.nist.gov

insecure permissions

logging-operator

sensitive data

privilege escalation

service account's token

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token.

Affected configurations

Nvd

Node

kube-logginglogging-operatorMatch4.6.0

VendorProductVersionCPE
kube-logginglogging-operator4.6.0cpe:2.3:a:kube-logging:logging-operator:4.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kube-logging	logging-operator	4.6.0	cpe:2.3:a:kube-logging:logging-operator:4.6.0:::::::*

References

gist.github.com/HouqiyuA/f972d1c152f3b8127af01206f7c2af0d

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

Related for NVD:CVE-2024-36541

cvelist1 vulnrichment1 cve1