CVE-2023-5056: Missing Authorization in Red Hat Service Interconnect 1 for RHEL 9
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.
AI Analysis
Technical Summary
CVE-2023-5056 is a vulnerability identified in the Skupper operator component of Red Hat Service Interconnect 1 for RHEL 9. The flaw arises from missing authorization controls that allow an authenticated attacker located in an adjacent cluster to exploit a specific configuration to create a service account. This service account grants the attacker the ability to view deployment information across all namespaces within the targeted cluster, effectively bypassing intended access controls and namespace isolation. The vulnerability does not allow modification or disruption of deployments but compromises confidentiality by exposing potentially sensitive deployment metadata and configurations. The CVSS 3.1 vector (AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) indicates that the attack requires adjacent network access, low attack complexity, low privileges, and no user interaction. The scope is changed (S:C), meaning the impact extends to resources beyond the security authority of the vulnerable component, and only confidentiality is affected (C:H/I:N/A:N). Although no known exploits have been reported in the wild, the vulnerability poses a risk in multi-tenant or interconnected cluster environments where lateral movement or information gathering could facilitate further attacks. The issue is specific to Red Hat’s implementation of Service Interconnect 1 on RHEL 9, which is used to enable secure communication between Kubernetes clusters, often in hybrid or multi-cloud deployments.
Potential Impact
For European organizations, the primary impact is unauthorized disclosure of deployment information across Kubernetes namespaces, which can reveal sensitive operational details, configuration data, and potentially expose attack surface information. This can facilitate reconnaissance activities for further targeted attacks, including privilege escalation or lateral movement within cloud-native environments. Organizations relying on Red Hat Service Interconnect 1 for RHEL 9 in multi-cluster setups, especially in critical sectors such as finance, energy, telecommunications, and government, face increased risk. The confidentiality breach could lead to compliance violations under GDPR if personal or sensitive data configurations are exposed. While the vulnerability does not allow direct modification or denial of service, the information leakage could indirectly lead to more severe compromises. The medium severity rating reflects the balance between the ease of exploitation and the limited scope of impact to confidentiality only.
Mitigation Recommendations
Organizations should immediately review their Red Hat Service Interconnect 1 deployments on RHEL 9 and apply any available patches or updates from Red Hat once released. In the absence of patches, administrators should audit and restrict configurations that allow creation of service accounts by adjacent clusters, enforcing strict role-based access controls (RBAC) and network segmentation between clusters. Monitoring and logging of service account creation and cross-cluster access attempts should be enhanced to detect suspicious activity. Additionally, organizations should implement the principle of least privilege for all service accounts and regularly review cluster federation and interconnect policies to ensure no excessive permissions are granted. Network-level controls such as firewall rules or Kubernetes network policies should limit adjacency and communication between clusters to trusted entities only. Finally, security teams should incorporate this vulnerability into their threat modeling and incident response plans to quickly address potential exploitation scenarios.
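The RBAC audit recommended above can be scripted. The following is an added example, not code from Red Hat or the Skupper project: it lists every ServiceAccount that a ClusterRoleBinding gives read access to Deployments in all namespaces. All object names in the sample are constructed; real input would be the `items` list from `kubectl get clusterroles,clusterrolebindings -o json`.

```python
READ_VERBS = {"get", "list", "watch", "*"}

def rule_reads_deployments(rule):
    """True if one RBAC rule allows reading Deployments in the apps API group."""
    return bool(set(rule.get("apiGroups", [])) & {"apps", "*"}
                and set(rule.get("resources", [])) & {"deployments", "*"}
                and set(rule.get("verbs", [])) & READ_VERBS)

def cluster_wide_deployment_readers(items):
    """Return sorted (namespace/serviceaccount, binding, role) tuples for
    ServiceAccounts bound cluster-wide to a role that can read Deployments."""
    roles = {i["metadata"]["name"]: i.get("rules") or []
             for i in items if i["kind"] == "ClusterRole"}
    findings = []
    # Only ClusterRoleBindings grant access in every namespace; a RoleBinding
    # that references a ClusterRole stays confined to its own namespace.
    for b in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        ref = b["roleRef"]
        if not any(rule_reads_deployments(r) for r in roles.get(ref["name"], [])):
            continue
        for s in b.get("subjects") or []:
            if s["kind"] == "ServiceAccount":
                findings.append((f'{s.get("namespace", "")}/{s["name"]}',
                                 b["metadata"]["name"], ref["name"]))
    return sorted(findings)

def _role(name, group, resource, verbs):  # helper for the constructed sample
    return {"kind": "ClusterRole", "metadata": {"name": name},
            "rules": [{"apiGroups": [group], "resources": [resource], "verbs": verbs}]}

def _binding(kind, name, role, sa_ns, sa):  # helper for the constructed sample
    return {"kind": kind, "metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "ServiceAccount", "namespace": sa_ns, "name": sa}]}

# Constructed sample objects (hypothetical names, not taken from any real cluster).
SAMPLE = [
    _role("example-deploy-viewer", "apps", "deployments", ["get", "list"]),
    _role("example-pod-viewer", "", "pods", ["get", "list"]),
    _role("example-wildcard", "*", "*", ["*"]),
    _binding("ClusterRoleBinding", "example-link-binding", "example-deploy-viewer", "team-a", "example-link-sa"),
    _binding("ClusterRoleBinding", "example-pods-binding", "example-pod-viewer", "team-a", "example-pods-sa"),
    _binding("ClusterRoleBinding", "example-admin-binding", "example-wildcard", "ops", "example-admin-sa"),
    _binding("RoleBinding", "example-local-binding", "example-deploy-viewer", "team-a", "example-local-sa"),
]

if __name__ == "__main__":
    for sa, binding, role in cluster_wide_deployment_readers(SAMPLE):
        print(f"{sa} can read Deployments cluster-wide via {binding} -> {role}")
```

Aggregated ClusterRoles and bindings to users or groups are outside what this check covers; each finding should be compared against the service accounts the interconnect deployment is expected to need.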
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2023-09-18T18:33:13.584Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68e7a23aba0e608b4f980f71
Added to database: 10/9/2025, 11:53:30 AM
Last enriched: 11/20/2025, 7:56:41 AM
Last updated: 12/2/2025, 8:59:50 AM