11 matches found
EUVD-2023-1275
Malicious code in bioql PyPI...
CVE-2023-29018
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
GO-2023-1721 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator...
CVE-2023-29018
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
Open redirect
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
CVE-2023-29018
The CVE-2023-29018 issue affects the OpenFeature Operator, where overly permissive access on the open-feature-operator-controller-manager can allow cluster-wide privilege escalation. Multiple sources (Red Hat, NVD, OSV, GHSA, CNVD, Veracode) describe that an attacker could leverage lax permission...
OpenFeature Operator Security Vulnerability
OpenFeature Operator is OpenFeature's tool for exposing feature flags to applications. A security vulnerability exists in OpenFeature Operator versions prior to 0.2.32. It stems from loose permissions configured on open-feature-operator-controller-manager that can be used to escalate the...
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
Impact: On a node controlled by an attacker or malicious user, the lax permissions configured on open-feature-operator-controller-manager can be used to further escalate the privileges of any service account in the cluster. The increased privileges could be used to modify cluster state, leading to...
PT-2023-22090 · Unknown · Openfeature Operator
Name of the Vulnerable Software and Affected Versions: OpenFeature Operator versions prior to 0.2.32
Description: The issue allows an attacker to escalate the privileges of any service account in the cluster, assuming the pre-existence of a vulnerability that enables arbitrary code execution. Thi...