Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 283 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification. An attacker could exploit this vulnerability to launch further attacks on the system. CWE:CWE-670: Always-Incorrect Control Flow Implementation CVSS Source: IBM X-Force CVSS Base score: 5.6 CVSS Vector:(CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N) CVEID:CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer authentication is enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authorization and allow arbitrary endpoints to join the cluster and begin propagating counterfeit changes. CWE:CWE-639: Authorization Bypass Through User-Controlled Key CVSS Source: IBM X-Force CVSS Base score: 8.1 CVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID:CVE-2024-35255 DESCRIPTION: Microsoft Azure Identity Libraries and Microsoft Authentication Library could allow a local authenticated attacker to gain elevated privileges on the system. By sending a…Read More