6 matches found
CVE-2022-0270
Prior to v0.6.1, bored-agent failed to sanitize incoming Kubernetes impersonation headers, allowing a user to override assigned user name and groups...
CVE-2022-0270
CVE-2022-0270 affects bored-agent before v0.6.1. Root cause: failure to sanitize incoming Kubernetes impersonation headers, allowing a user to override the assigned username and groups. Impact: credential/user identity spoofing with high severity (CVSSv3.1 base 8.8; confidentiality, integrity, an...
CVE-2022-0270 Improper header sanitization in bored-agent causes escalation of privilege
Prior to v0.6.1, bored-agent failed to sanitize incoming Kubernetes impersonation headers, allowing a user to override assigned user name and groups...
PT-2022-13085 · Unknown · Bored-Agent
Name of the Vulnerable Software and Affected Versions: bored-agent versions prior to 0.6.1 Description: The issue arises from the failure to sanitize incoming Kubernetes impersonation headers, allowing a user to override the assigned user name and groups. Recommendations: For versions prior to...
BoreD Agent security vulnerability
BoreD Agent is an open source agent for the BoreD tunneling daemon from the US-based Lens team. A security vulnerability exists in BoreD Agent versions prior to v0.6.1, which stems from a failure to clear incoming Kubernetes impersonation headers, which can be exploited by an attacker to override...
CVE-2022-0270
Prior to v0.6.1, bored-agent failed to sanitize incoming Kubernetes impersonation headers, allowing a user to override assigned user name and groups...