๐Ÿ” CVE Alert

CVE-2023-5056

MEDIUM 6.8

Skupper-operator: privelege escalation via config map

CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

CWE CWE-862
Vendor red hat
Product service interconnect 1 for rhel 9
Published Dec 18, 2023
Last Updated Nov 20, 2025
Stay Ahead of the Next One

Get instant alerts for red hat service interconnect 1 for rhel 9

Be the first to know when new medium vulnerabilities affecting red hat service interconnect 1 for rhel 9 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

Red Hat / Service Interconnect 1 for RHEL 9
All versions affected
Red Hat / Service Interconnect 1 for RHEL 9
All versions affected
Red Hat / Service Interconnect 1 for RHEL 9
All versions affected
Red Hat / Service Interconnect 1 for RHEL 9
All versions affected
Red Hat / Service Interconnect 1 for RHEL 9
All versions affected
Red Hat / Service Interconnect 1 for RHEL 9
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6219 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-5056 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2239517