CVE-2021-38182

EUVD-2021-24652
Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
kyma-projectkyma
𝑥
< 1.24.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021