Meshery
CVE-2024-36535
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
AnalysisAI
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Affected products include: Layer5 Meshery.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL comman
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructur
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructur
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructur
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensit
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today