
CVE-2023-5056: Missing Authorization in Red Hat Service Interconnect 1 for RHEL 9

Severity: Medium
Type: Vulnerability
Published: Mon Dec 18 2023 (12/18/2023, 13:43:07 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Service Interconnect 1 for RHEL 9

Description

CVE-2023-5056 is a medium severity vulnerability in Red Hat Service Interconnect 1 for RHEL 9 involving missing authorization in the Skupper operator. It allows an authenticated attacker in an adjacent cluster to create a service account that can view deployments across all namespaces, bypassing intended access controls. This leads to unauthorized disclosure of sensitive deployment information without impacting integrity or availability. Exploitation requires authentication and network adjacency but no user interaction. No known exploits are reported in the wild yet. The vulnerability affects multi-cluster environments using Red Hat Service Interconnect, primarily in organizations leveraging RHEL 9 for containerized or microservices architectures. European organizations with deployments in regulated sectors or critical infrastructure should prioritize patching and access control reviews. Countries with strong Red Hat adoption and advanced cloud-native infrastructure are most at risk. Mitigation includes applying vendor patches when available, restricting cluster adjacency, and auditing service account creation policies.

AI-Powered Analysis

Last updated: 10/09/2025, 12:10:23 UTC

Technical Analysis

CVE-2023-5056 is a vulnerability identified in the Skupper operator component of Red Hat Service Interconnect 1 for RHEL 9. The flaw arises from missing authorization checks during a specific configuration scenario that permits an authenticated attacker located in an adjacent Kubernetes cluster to create a service account with elevated visibility privileges. This service account can view deployments across all namespaces within the cluster, thereby exposing potentially sensitive information about workloads and configurations that should be restricted. The vulnerability does not allow modification or disruption of resources (no integrity or availability impact), but it compromises confidentiality by unauthorized information disclosure. The attack vector requires the attacker to have authenticated access to a neighboring cluster that is connected via the Service Interconnect, which is designed to enable multi-cluster communication. No user interaction is required once authentication is established. The CVSS v3.1 base score is 6.8, reflecting medium severity due to the combination of network attack vector with low complexity, requiring privileges but no user interaction, and the impact limited to confidentiality. No known exploits have been reported in the wild as of the publication date. The vulnerability highlights the importance of strict authorization enforcement in multi-cluster service mesh or interconnect solutions, especially in environments where clusters span different trust boundaries.

Potential Impact

For European organizations, this vulnerability poses a risk of unauthorized disclosure of deployment details across Kubernetes namespaces in multi-cluster environments using Red Hat Service Interconnect 1 on RHEL 9. Such information leakage could aid attackers in reconnaissance, enabling them to identify critical services, configurations, or vulnerabilities to target in subsequent attacks. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and critical infrastructure. While the vulnerability does not allow direct modification or disruption of services, the confidentiality breach could lead to compliance violations under GDPR or sector-specific regulations if sensitive operational data is exposed. Organizations operating hybrid or multi-cloud Kubernetes clusters interconnected via Red Hat Service Interconnect are most at risk. The requirement for authenticated access to an adjacent cluster limits the threat to environments where cluster adjacency is configured and where attackers can gain initial footholds. Nonetheless, the potential for lateral movement and information gathering elevates the risk profile for European enterprises relying on these technologies.

Mitigation Recommendations

To mitigate CVE-2023-5056, European organizations should:

1) Monitor Red Hat advisories closely and apply patches or updates for Service Interconnect and the Skupper operator as soon as they become available.
2) Restrict and tightly control network adjacency between Kubernetes clusters, ensuring only trusted clusters are interconnected.
3) Enforce strict RBAC policies and audit service account creation permissions within all clusters to prevent unauthorized privilege escalation.
4) Implement network segmentation and zero-trust principles to limit access between clusters and reduce the attack surface.
5) Regularly review and monitor logs for unusual service account creation or access patterns indicative of exploitation attempts.
6) Conduct security assessments of multi-cluster configurations to verify that authorization checks are properly enforced.
7) Educate DevOps and security teams about the risks of multi-cluster interconnectivity and the importance of least privilege principles in service mesh deployments.
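One way to run the RBAC audit from recommendations 3 and 5, as an added example that is not Red Hat's or Skupper's code: it lists service accounts that a ClusterRoleBinding lets read Deployments in every namespace, which is the access this CVE describes. The input is assumed to be the `items` array from `kubectl get clusterroles,clusterrolebindings -o json`; all role, binding and account names in the sample are constructed.

```python
# Added example: find ServiceAccounts that can read Deployments cluster-wide.
READ_VERBS = {"get", "list", "watch", "*"}

def grants_deployment_read(rule):
    """True if an RBAC rule allows reading Deployments in the apps API group."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    verbs = set(rule.get("verbs") or [])
    return bool(groups & {"apps", "*"} and resources & {"deployments", "*"}
                and verbs & READ_VERBS)

def cluster_wide_deployment_viewers(objects):
    """Return sorted 'namespace/name' of ServiceAccounts bound via ClusterRoleBinding."""
    roles = {o["metadata"]["name"]: o.get("rules") or []
             for o in objects if o["kind"] == "ClusterRole"}
    found = set()
    for o in objects:
        # Only ClusterRoleBindings grant access across all namespaces;
        # a RoleBinding to the same ClusterRole stays inside one namespace.
        if o["kind"] != "ClusterRoleBinding":
            continue
        rules = roles.get(o["roleRef"]["name"], [])
        if not any(grants_deployment_read(r) for r in rules):
            continue
        for s in o.get("subjects") or []:
            if s.get("kind") == "ServiceAccount":
                found.add(f'{s.get("namespace", "")}/{s["name"]}')
    return sorted(found)

# Constructed sample objects (hypothetical names, not taken from any real cluster).
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "deploy-viewer"},
     "rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
                "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "deploy-viewer-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "deploy-viewer"},
     "subjects": [{"kind": "ServiceAccount", "name": "site-link-sa",
                   "namespace": "interconnect"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "pod-reader-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "metrics",
                   "namespace": "monitoring"}]},
]

if __name__ == "__main__":
    for account in cluster_wide_deployment_viewers(SAMPLE):
        print("cluster-wide deployment read:", account)
```

Group subjects such as `system:serviceaccounts` are not expanded here, so a binding to a group needs a separate review.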


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2023-09-18T18:33:13.584Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68e7a23aba0e608b4f980f71

Added to database: 10/9/2025, 11:53:30 AM

Last enriched: 10/9/2025, 12:10:23 PM

Last updated: 10/9/2025, 4:47:33 PM
