CVE-2023-22645 – kubewarden: Excessive permissions for kubewarden-controller-manager-cluster-role
https://notcve.org/view.php?id=CVE-2023-22645
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. • https://bugzilla.suse.com/show_bug.cgi?id=1210218 • CWE-269: Improper Privilege Management •
CVE-2023-29018 – OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-29018
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify. • https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32 https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83 • CWE-269: Improper Privilege Management •
CVE-2023-29194 – vitess allows users to create keyspaces that can deny access to already existing keyspaces
https://notcve.org/view.php?id=CVE-2023-29194
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. • https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88 https://github.com/vitessio/vitess/commits/v0.16.1 https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f • CWE-20: Improper Input Validation CWE-703: Improper Check or Handling of Exceptional Conditions •
CVE-2023-30512
https://notcve.org/view.php?id=CVE-2023-30512
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. • https://github.com/cubefs/cubefs/issues/1882 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-25809 – rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
https://notcve.org/view.php?id=CVE-2023-25809
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain write access to the user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. Other users' cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. • https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17 https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc https://access.redhat.com/security/cve/CVE-2023-25809 https://bugzilla.redhat.com/show_bug.cgi?id=2182884 • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions •