github.com/cert-manager/cert-manager-v1.14.4: 1 vulnerabilities (highest severity is: 8.2) #522
Description
Vulnerable Library - github.com/cert-manager/cert-manager-v1.14.4
Automatically provision and manage TLS certificates in Kubernetes
Library home page: https://proxy.golang.org/github.com/cert-manager/cert-manager/@v/v1.14.4.zip
Path to dependency file: /capten/go.mod
Path to vulnerable library: /go/pkg/mod/cache/download/github.com/cert-manager/cert-manager/@v/v1.14.4.mod
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (github.com/cert-manager/cert-manager-v1.14.4 version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-36537 |  High |
8.2 | github.com/cert-manager/cert-manager-v1.14.4 | Direct | N/A | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-36537
Vulnerable Library - github.com/cert-manager/cert-manager-v1.14.4
Automatically provision and manage TLS certificates in Kubernetes
Library home page: https://proxy.golang.org/github.com/cert-manager/cert-manager/@v/v1.14.4.zip
Path to dependency file: /capten/go.mod
Path to vulnerable library: /go/pkg/mod/cache/download/github.com/cert-manager/cert-manager/@v/v1.14.4.mod
Dependency Hierarchy:
- ❌ github.com/cert-manager/cert-manager-v1.14.4 (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
Publish Date: 2024-07-24
URL: CVE-2024-36537
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Step up your Open Source Security Game with Mend here