CVE-2023-5056 MEDIUM

CVE-2023-5056: Skupper-operator: privelege escalation via config map

Weakness CWE-862 · Missing authorization

Published December 18, 2023

Last update November 20, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

Key dates

02Disclosure timeline

December 18, 2023 CVE published

November 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5056 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-49288 WordPress Ultimate WP Mail plugin <= 1.3.5 - Account Takeover via Email Log Leak Vulnerability CVE-2024-12184 WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download CVE-2020-5368 CVE-2023-47224 WordPress WP Travel plugin <= 7.8.0 - Broken Access Control vulnerability CVE-2024-31244 WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability