31 matches found
CVE-2023-29018
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
GO-2023-1721 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator...
CVE-2023-29018
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
Open redirect
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
CVE-2023-29018
The CVE-2023-29018 issue affects the OpenFeature Operator, where overly permissive access on the open-feature-operator-controller-manager can allow cluster-wide privilege escalation. Multiple sources (Red Hat, NVD, OSV, GHSA, CNVD, Veracode) describe that an attacker could leverage lax permission...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
OpenFeature Operator Security Vulnerability
OpenFeature Operator is OpenFeature's tool for exposing feature flags to applications. A security vulnerability exists in OpenFeature Operator versions prior to 0.2.32, which stems from a loose privilege configured on open-feature-operator-controller-manager that can be used to escalate the...
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
Impact: On a node controlled by an attacker or malicious user, the lax permissions configured on open-feature-operator-controller-manager can be used to further escalate the privileges of any service account in the cluster. The increased privileges could be used to modify cluster state, leading to...
PT-2023-22090 · Unknown · Openfeature Operator
Name of the Vulnerable Software and Affected Versions: OpenFeature Operator versions prior to 0.2.32. Description: The issue allows an attacker to escalate the privileges of any service account in the cluster, assuming the pre-existence of a vulnerability that enables arbitrary code execution. Thi...