HIGH🇵🇱 Wersja polska

CVE-2019-12494

CVSS 8.5v3.0pub. 2019-06-05upd. 2024-11-21

In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Gardener

    APP
    Gardener
    < 0.20.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2025-47283CRITICAL9.9PL ✓ten sam produkt

Eskalacja uprawnień w Gardener — przejęcie kontroli nad seed cluster

CVE-2025-47284CRITICAL9.9PL ✓ten sam produkt

Eskalacja uprawnień w Gardener — przejęcie kontroli nad seed cluster

CVE-2018-2475HIGH8.5ten sam produkt

Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in t...