Summary
Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate
allows users to bypass RBAC and access Secrets in unauthorized namespaces.
Severity
HIGH (CVSS 7.5-8.5)
Affected Versions
All versions prior to v0.13.4
Patched Versions
v0.13.4 and later
Impact
Users with permission to create DiscoveryServiceCertificate resources in one
namespace can indirectly read Secrets from other namespaces, completely
bypassing Kubernetes RBAC security boundaries.
Workarounds
Restrict DiscoveryServiceCertificate create permissions to cluster administrators
only until patched version is deployed.
References
Credit
Thanks to @debuggerchen for the responsible disclosure.
debuggerchen Reporter
Summary
Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate
allows users to bypass RBAC and access Secrets in unauthorized namespaces.
Severity
HIGH (CVSS 7.5-8.5)
Affected Versions
All versions prior to v0.13.4
Patched Versions
v0.13.4 and later
Impact
Users with permission to create DiscoveryServiceCertificate resources in one
namespace can indirectly read Secrets from other namespaces, completely
bypassing Kubernetes RBAC security boundaries.
Workarounds
Restrict DiscoveryServiceCertificate create permissions to cluster administrators
only until patched version is deployed.
References
Credit
Thanks to @debuggerchen for the responsible disclosure.