2 matches found
CVE-2023-29018
The CVE-2023-29018 issue affects the OpenFeature Operator, where overly permissive access on the open-feature-operator-controller-manager can allow cluster-wide privilege escalation. Multiple sources (Red Hat, NVD, OSV, GHSA, CNVD, Veracode) describe that an attacker could leverage lax permission...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...