CVE-2024-53349

HIGH

Kuadrant < 0.11.3 - Privilege Escalation via Insecure Service Account Token Permissions

Title source: llm

Description

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

References (3)

Core 3

Core References

Third Party Advisory

https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383

Product

https://github.com/Kuadrant/kuadrant-operator

Product

https://www.cncf.io/projects/kuadrant/

Scores

CVSS v3 7.4

EPSS 0.0034

EPSS Percentile 25.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

linuxfoundation/kuadrant < 0.11.3

Published Mar 21, 2025

Tracked Since Feb 18, 2026