Kuadrant 0.11.3 Insecure Permissions Leak SA Token
CVE-2024-53349 Published on March 21, 2025
Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster
Vulnerability Analysis
CVE-2024-53349 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2024-53349
Want to know whenever a new CVE is published for Linux Foundation Kuadrant? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.