- Description
- A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 4.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
- Severity
- HIGH
- secalert@redhat.com
- CWE-305
- Hype score
- Not currently trending
CVE-2024-12582 (CVSS:7.1, HIGH) is Received. A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metri..https://t.co/VAtHMID5EZ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
28 Dec 2024
CVE-2024-12582 (CVSS:7.1, HIGH) is Received. A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metri..https://t.co/VAtHMID5EZ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
27 Dec 2024
CVE-2024-12582 A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets … https://t.co/Q8ZD09mdfm
@CVEnew
24 Dec 2024