Lucene search
Veracode Vulnerability DatabaseVERACODE:40194HistoryApr 19, 2023 - 5:13 p.m.
Privilege Escalation
2023-04-1917:13:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
privilege escalation
vulnerability
open-feature-operator
cluster data
secrets
0.001 Low
EPSS
Percentile
51.1%
github.com/open-feature/open-feature-operator is vulnerable to Privilege Escalation. The vulnerability exists due to lack of restrictions configured on open-feature-operator-controller-manager which allows a malicious attacker to gain access and read cluster data including secrets.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/open-feature/open-feature-operator | le | v0.2.31 | |
| github.com/open-feature/open-feature-operator | le | v0.2.31 |
References
github.com/advisories/GHSA-cwf6-xj49-wp83
github.com/open-feature/open-feature-operator/commit/6f1f93c98c7b8fbee534cc7db63fc396fa5b73c7
github.com/open-feature/open-feature-operator/pull/436
github.com/open-feature/open-feature-operator/releases/tag/v0.2.32
github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83
Related
cve
cve
CVE-2023-29018
2023-04-14 19:15:09
osv
osv
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
2023-04-12 20:40:38
CVE-2023-29018
2023-04-14 19:15:09
prion
prion
Open redirect
2023-04-14 19:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-29018
2023-04-14 19:15:09
github
github
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
2023-04-12 20:40:38