Bypassing project secret validation can lead to privilege escalation

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

N/A

输入验证不恰当

Gardener 输入验证错误漏洞

Gardener是Gardener开源的一款开源的Kubernetes集群管理工具。该产品支持管理、监控和更新Kubernetes集群。 Gardener 1.119.0之前版本存在输入验证错误漏洞，该漏洞源于绕过项目秘密验证，可能导致权限提升。

N/A

N/A