Vulnerabilities > CVE-2023-5056 - Missing Authorization vulnerability in Redhat Service Interconnect 1.0

CVSS 4.1 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

low complexity

redhat

CWE-862

NVD

Published: 2023-12-18

Updated: 2023-12-29

Summary

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Service Interconnect 1.0	1
OS	Redhat Redhat Enterprise Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://access.redhat.com/errata/RHSA-2023:6219
https://access.redhat.com/security/cve/CVE-2023-5056
https://bugzilla.redhat.com/show_bug.cgi?id=2239517