CVE-2023-22645

Published: Apr 19, 2023Modified: Feb 5, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0.

Affected (1)

Products: Linuxfoundation: Kubewarden Controller

Linuxfoundation

1 product

Kubewarden Controller

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linuxfoundation Kubewarden Controller	Before 1.6.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://bugzilla.suse.com/show_bug.cgi?id=1210218

Source: meissner@suse.de

Issue TrackingVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1210218

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.