Bug 2424509 (CVE-2025-68476)
| Summary: | CVE-2025-68476 github.com/kedacore/keda: KEDA: Arbitrary file read vulnerability in Vault authentication | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | caswilli, dhanak, drosa, dsimansk, jkoehler, kaycoth, kingland, kverlaen, lphiri, manissin, matzew, mnovotny, sausingh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in KEDA, a Kubernetes-based Event Driven Autoscaling component. This arbitrary file read vulnerability allows an attacker with permissions to create or modify a TriggerAuthentication resource to read any file from the node's filesystem where the KEDA pod resides. This is due to insufficient path validation when handling Service Account Tokens during HashiCorp Vault authentication. Successful exploitation can lead to the exfiltration of sensitive system information, such as secrets or configuration files.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-12-22 22:04:04 UTC
|