CVE-2024-53349
Published: 21 March 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2024-53349 involves insecure permissions in Kuadrant version 0.11.3, a CNCF project related to Kubernetes operators. The vulnerability affects the secretes component in a Kubernetes (k8s) cluster, enabling attackers to access the service account's token. This issue, linked to CWE-269 (Improper Privilege Management), was published on 2025-03-21 and carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts.
The attack requires network access and high complexity but no privileges, user interaction, or scope changes. Remote attackers can exploit these insecure permissions to obtain the service account token, resulting in privilege escalation within the Kubernetes cluster.
Mitigation details are available in related advisories, including a GitHub Gist at https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383, the Kuadrant operator repository at https://github.com/Kuadrant/kuadrant-operator, and the CNCF Kuadrant project page at https://www.cncf.io/projects/kuadrant/.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Insecure permissions on Kubernetes secrets directly enable unauthorized access to service account tokens (T1552.001 Credentials In Files), which facilitates privilege escalation within the cluster (T1068 Exploitation for Privilege Escalation).