CVE-2024-36539

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36539
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36539.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36539
Aliases
Published
2024-07-24T17:15:10Z
Modified
2025-06-28T06:28:48.181001Z
Summary
[none]
Details

Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

References

Affected packages

Git / github.com/projectcontour/contour

Affected ranges

Type
GIT
Repo
https://github.com/projectcontour/contour
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
27d3bc6e5d5cd758f0237c0a510d4563eba521b0

Affected versions

Other

docker-base-layer

v0.*

v0.10.0-rc.1
v0.13.0-beta.1
v0.13.0-beta.2
v0.6.0-alpha.1
v0.6.0-alpha.2
v0.6.0-alpha.3
v0.6.0-beta.1
v0.6.0-beta.2
v0.6.0-beta.3

v1.*

v1.2.0
v1.28.0
v1.28.1
v1.28.2
v1.28.3