{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-5056","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2023-09-18T18:33:13.584Z","datePublished":"2023-12-18T13:43:07.807Z","dateUpdated":"2025-11-20T07:02:56.903Z"},"containers":{"cna":{"title":"Skupper-operator: privilege escalation via config map","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview."}],"affected":[{"vendor":"Red Hat","product":"Service Interconnect 1 for RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"service-interconnect/skupper-config-sync-rhel9","defaultStatus":"affected","versions":[{"version":"1.4.3-5","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:service_interconnect:1::el9"]},{"vendor":"Red Hat","product":"Service Interconnect 1 for RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"service-interconnect/skupper-flow-collector-rhel9","defaultStatus":"affected","versions":[{"version":"1.4.3-5","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:service_interconnect:1::el9"]},{"vendor":"Red Hat","product":"Service Interconnect 1 for RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"service-interconnect/skupper-operator-bundle","defaultStatus":"affected","versions":[{"version":"1.4.3-6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:service_interconnect:1::el9"]},{"vendor":"Red Hat","product":"Service Interconnect 1 for RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"service-interconnect/skupper-router-rhel9","defaultStatus":"affected","versions":[{"version":"2.4.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:service_interconnect:1::el9"]},{"vendor":"Red Hat","product":"Service Interconnect 1 for RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"service-interconnect/skupper-service-controller-rhel9","defaultStatus":"affected","versions":[{"version":"1.4.3-4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:service_interconnect:1::el9"]},{"vendor":"Red Hat","product":"Service Interconnect 1 for RHEL 9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"service-interconnect/skupper-site-controller-rhel9","defaultStatus":"affected","versions":[{"version":"1.4.3-6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:service_interconnect:1::el9"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:6219","name":"RHSA-2023:6219","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-5056","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239517","name":"RHBZ#2239517","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2023-10-26T14:58:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"Missing Authorization","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-862: Missing Authorization","timeline":[{"lang":"en","time":"2023-09-12T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2023-10-26T14:58:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2025-11-20T07:02:56.903Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:44:53.783Z"},"title":"CVE Program Container","references":[{"url":"https://access.redhat.com/errata/RHSA-2023:6219","name":"RHSA-2023:6219","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-5056","tags":["vdb-entry","x_refsource_REDHAT","x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239517","name":"RHBZ#2239517","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"]}]}]}}