CVE-2024-48921

HIGH Year: 2024
CVSS v3 Score
2.7
Low
Weakness Type
CWE-285
View all →

Vulnerability Description

Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0.

Related Vulnerabilities

CVE-2014-6049

LOW
CVSS:2.7(Low)

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.

CWE-2852014

CVE-2020-24403

LOW
CVSS:2.7(Low)

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users wi...

CWE-2852020

CVE-2020-24404

LOW
CVSS:2.7(Low)

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions t...

CWE-2852020

CVE-2024-5798

LOW
CVSS:2.6(Low)

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audie...

CWE-2852024

CVE-2021-25351

LOW
CVSS:2.4(Low)

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.

CWE-2852021

CVE-2022-36857

LOW
CVSS:2.4(Low)

Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.

CWE-2852022