Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-36539
CVE-2024-36539:
Contour vulnerability analysis and mitigation
Overview
Insecure permissions in contour v1.28.3 and earlier versions allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. This vulnerability was discovered and disclosed on July 23, 2024, affecting the Project Contour software (GitHub Advisory, CVE Mitre).
Technical details
The vulnerability is classified as an Incorrect Access Control issue that affects the authentication mechanism in Contour. The vulnerability allows attackers to compromise all Secrets components in Kubernetes, potentially leading to further compromise of other components in the cluster or even complete takeover of the entire Kubernetes cluster. The affected versions include Contour v1.28.3 and earlier releases (GitHub Advisory).
Impact
The vulnerability can lead to unauthorized access to sensitive data and privilege escalation within Kubernetes clusters. Attackers can potentially access all Secrets in the cluster, use sensitive information to elevate privileges, explore other sensitive resources, and ultimately achieve full cluster compromise (GitHub Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management