Exploit Report

Computer Security And Bug Information


CVE Title
Published Date: 2023-03-01T19:15Z
Modified Date: 2023-03-09T00:57Z
CWE Type: CWE-22
Description: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true:
1. There are 2+ CustomResourceDefinitions sharing the same API group.
2. Users have cluster-wide list or watch authorization on one of those custom resources.
3. The same users are not authorized to read another custom resource in the same API group.
Reference URL: https://github.com/kubernetes/kubernetes/issues/113756
Reference Description: CONFIRM N/A
Reference URL: https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA
Reference Description: MLIST N/A
Tags: Issue Tracking, Vendor Advisory
