CVE-2023-5056

{"id": "CVE-2023-5056", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2023-12-18T14:15:10.133", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:6219", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5056", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239517", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el operador Skupper, que puede permitir que una determinada configuraci\u00f3n cree una cuenta de servicio que permitir\u00eda a un atacante autenticado en el cl\u00faster adyacente ver las implementaciones en todos los espacios de nombres del cl\u00faster. Este problema permite la visualizaci\u00f3n no autorizada de informaci\u00f3n fuera del \u00e1mbito del usuario."}], "lastModified": "2023-12-29T18:14:30.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}