CVE-2024-53349

Published: Mar 21, 2025Modified: Apr 1, 2025

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

Affected (1)

Products: Linuxfoundation: Kuadrant

Linuxfoundation

1 product

Kuadrant

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linuxfoundation Kuadrant	Up to 0.11.3

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (3)

https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383

Source: cve@mitre.org

Third Party Advisory

https://github.com/Kuadrant/kuadrant-operator

Source: cve@mitre.org

Product

https://www.cncf.io/projects/kuadrant/

Source: cve@mitre.org

Product

Timeline

No history available yet.