Linux Foundation Openfeature
By the Year
In 2024 there have been 0 vulnerabilities in Linux Foundation Openfeature . Last year Openfeature had 1 security vulnerability published. Right now, Openfeature is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 8.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Openfeature vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Foundation Openfeature Security Vulnerabilities
The OpenFeature Operator allows users to expose feature flags to applications
CVE-2023-29018
8.8 - High
- April 14, 2023
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linux Foundation Openfeature or by Linux Foundation? Click the Watch button to subscribe.
