CVE-2024-53349

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383	Third Party Advisory
https://github.com/Kuadrant/kuadrant-operator	Product
https://www.cncf.io/projects/kuadrant/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:kuadrant:*:*:*:*:*:*:*:*

History

01 Apr 2025, 20:21

Type	Values Removed	Values Added
References	~~() https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383 -~~	() https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383 - Third Party Advisory
References	~~() https://github.com/Kuadrant/kuadrant-operator -~~	() https://github.com/Kuadrant/kuadrant-operator - Product
References	~~() https://www.cncf.io/projects/kuadrant/ -~~	() https://www.cncf.io/projects/kuadrant/ - Product
First Time		Linuxfoundation Linuxfoundation kuadrant
CPE		cpe:2.3:a:linuxfoundation:kuadrant::::::::

24 Mar 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-269
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.4
Summary		(es) Los permisos inseguros en kuadrant v0.11.3 permiten a los atacantes obtener acceso al token de la cuenta de servicio, lo que lleva a una escalada de privilegios a través del componente secretes en el clúster k8s

21 Mar 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-21 16:15

Updated : 2025-04-01 20:21

NVD link : CVE-2024-53349

Mitre link : CVE-2024-53349

CVE.ORG link : CVE-2024-53349

JSON object : View

Products Affected

linuxfoundation

kuadrant

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-53349", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2025-03-21T16:15:18.057", "references": [{"url": "https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Kuadrant/kuadrant-operator", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.cncf.io/projects/kuadrant/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster"}, {"lang": "es", "value": "Los permisos inseguros en kuadrant v0.11.3 permiten a los atacantes obtener acceso al token de la cuenta de servicio, lo que lleva a una escalada de privilegios a trav\u00e9s del componente secretes en el cl\u00faster k8s"}], "lastModified": "2025-04-01T20:21:31.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:kuadrant:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCF51F2E-444B-4404-87F7-3E0FF321DCA3", "versionEndIncluding": "0.11.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.4 /10