CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
github.com/layer5io/meshery is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions allowing access to sensitive data and escalate privileges by obtaining the service account’s token. Attackers can exploit this vulnerability to access sensitive information and escalate their privileges within the system.