4 matches found
CVE-2022-0270
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups...
CVE-2022-0270 Improper header sanitization in bored-agent causes escalation of privilege
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups...
CVE-2022-0270
CVE-2022-0270 affects bored-agent before v0.6.1. Root cause: failure to sanitize incoming Kubernetes impersonation headers, allowing a user to override the assigned username and groups. Impact: credential/user identity spoofing with high severity (CVSSv3.1 base 8.8; confidentiality, integrity, an...
CVE-2022-0270
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups...