
CVE-2023-30841 – Ironic and ironic-inspector deployed within Baremetal Operator may expose as ConfigMaps
https://notcve.org/view.php?id=CVE-2023-30841
26 Apr 2023 — Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#12... • https://github.com/metal3-io/baremetal-operator/pull/1241 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2023-2250
https://notcve.org/view.php?id=CVE-2023-2250
24 Apr 2023 — A flaw was found in the Open Cluster Management (OCM) when a user has access to the worker nodes that host the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind cluster-admin to any service account, or use the service account to list all secrets in all Kubernetes namespaces, leading to a cluster-level privilege escalation. • https://github.com/open-cluster-management-io/registration-operator/pull/344 • CWE-268: Privilege Chaining •

CVE-2023-22645 – kubewarden: Excessive permissions for kubewarden-controller-manager-cluster-role
https://notcve.org/view.php?id=CVE-2023-22645
19 Apr 2023 — An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. • https://bugzilla.suse.com/show_bug.cgi?id=1210218 • CWE-269: Improper Privilege Management •

CVE-2023-29018 – OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-29018
14 Apr 2023 — The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources ... • https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32 • CWE-269: Improper Privilege Management •

CVE-2023-29194 – vitess allows users to create keyspaces that can deny access to already existing keyspaces
https://notcve.org/view.php?id=CVE-2023-29194
14 Apr 2023 — Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. • https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88 • CWE-20: Improper Input Validation CWE-703: Improper Check or Handling of Exceptional Conditions •

CVE-2023-30512
https://notcve.org/view.php?id=CVE-2023-30512
12 Apr 2023 — CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. • https://github.com/cubefs/cubefs/issues/1882 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-25809 – rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
https://notcve.org/view.php?id=CVE-2023-25809
29 Mar 2023 — runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro... • https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17 • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions •

CVE-2023-28642 – AppArmor bypass with symlinked /proc in runc
https://notcve.org/view.php?id=CVE-2023-28642
29 Mar 2023 — runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. • https://github.com/opencontainers/runc/pull/3785 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-281: Improper Preservation of Permissions CWE-305: Authentication Bypass by Primary Weakness •

CVE-2022-41354 – ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API
https://notcve.org/view.php?id=CVE-2022-41354
24 Mar 2023 — An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge of an application name to convince an administrator to grant higher privileges. An update is ... • http://argo.com • CWE-203: Observable Discrepancy •

CVE-2023-27561 – runc: volume mount race condition (regression of CVE-2019-19921)
https://notcve.org/view.php?id=CVE-2023-27561
03 Mar 2023 — runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a syml... • https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9 • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •