Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MARIN3R: Cross-Namespace Vulnerability in the Operator
Vulnerability Description
MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is fixed in version 0.13.4.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
marin3r 安全漏洞
Vulnerability Description
marin3r是Red Hat 3scale SRE开源的一个基于CRD的轻量级kubernetes控制面板。 marin3r 0.13.3及之前版本存在安全漏洞,该漏洞源于DiscoveryServiceCertificate存在跨命名空间秘密访问漏洞,可能导致绕过RBAC并访问未经授权的命名空间中的秘密。
CVSS Information
N/A
Vulnerability Type
N/A