admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-220xx/CVE-2024-22032.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

108 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-22032",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T14:15:05.000",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in which an RKE1 cluster keeps \nconstantly reconciling when secrets encryption configuration is enabled.\n When reconciling, the Kube API secret values are written in plaintext \non the AppliedSpec. Cluster owners, Cluster members, and Project members\n (for projects within the cluster), all have RBAC permissions to view \nthe cluster object from the apiserver."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la que un cl\u00faster RKE1 se reconcilia constantemente cuando se habilita la configuraci\u00f3n de cifrado de secretos. Al realizar la conciliaci\u00f3n, los valores secretos de la API de Kube se escriben en texto plano en AppliedSpec. Los propietarios del cl\u00faster, los miembros del cl\u00faster y los miembros del proyecto (para los proyectos dentro del cl\u00faster) tienen permisos RBAC para ver el objeto del cl\u00faster desde el servidor de API."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "meissner@suse.de",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "meissner@suse.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "meissner@suse.de",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22032",
"source": "meissner@suse.de"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-q6c7-56cq-g2wm",
"source": "meissner@suse.de"
}
]
}
Reference in New Issue View Git Blame Copy Permalink