Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
References
Link | Resource |
---|---|
https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3 | Third Party Advisory |
https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3 | Third Party Advisory |
Configurations
History
27 Jun 2025, 16:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3 - Third Party Advisory | |
CPE | cpe:2.3:a:cert-manager:cert-manager:1.14.4:*:*:*:*:*:*:* | |
First Time |
Cert-manager cert-manager
Cert-manager |
21 Nov 2024, 09:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3 - |
01 Aug 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-284 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
Summary |
|
24 Jul 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-24 19:15
Updated : 2025-06-27 16:50
NVD link : CVE-2024-36537
Mitre link : CVE-2024-36537
CVE.ORG link : CVE-2024-36537
JSON object : View
Products Affected
cert-manager
- cert-manager
CWE
CWE-284
Improper Access Control