Gardener Privilege Escalation Vulnerability Allowing Control Over Seed Clusters

Vulnerability

A critical vulnerability exists in Gardener versions prior to 1.116.4, 1.117.5, 1.118.2, and 1.119.0. This vulnerability allows users with administrative privileges in a Gardener project to gain control over the seed clusters managing their shoot clusters. The issue affects all Gardener installations, regardless of the public cloud provider used for the seed or shoot clusters.

Impact

Exploitation of this vulnerability could lead to unauthorized control over seed clusters, allowing for potential manipulation or management of resources within those clusters.

Remediation

Users are advised to update to Gardener versions 1.116.4, 1.117.5, 1.118.2, or 1.119.0.
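To check an inventory against the fixed releases listed above, the following added example (not part of the original advisory or the Gardener project) flags affected version strings. It assumes each fixed release applies to its own minor release line, that lines older than 1.116 have no fixed release, and that lines newer than 1.119 carry the fix; the landscape names and versions in the sample inventory are constructed.

```python
import re

# Fixed releases from the advisory, keyed by (major, minor) release line.
# Assumption: each fix applies to its own minor line only.
FIXED = {(1, 116): 4, (1, 117): 5, (1, 118): 2, (1, 119): 0}

_VERSION = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)


def parse(version):
    """Return (major, minor, patch, is_prerelease) for a version string."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def is_affected(version):
    """True if the version predates the fixed release for its line."""
    major, minor, patch, prerelease = parse(version)
    line = (major, minor)
    if line > max(FIXED):
        return False  # assumption: later lines include the fix
    if line not in FIXED:
        return True   # older than 1.116: no fixed release listed
    fixed_patch = FIXED[line]
    if patch < fixed_patch:
        return True
    # A pre-release of the fixed version sorts before it, so treat as affected.
    return patch == fixed_patch and prerelease


def affected_landscapes(inventory):
    """Return the sorted names of inventory entries that need the update."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed inventory: landscape name -> deployed Gardener version.
    sample = {
        "dev": "v1.116.3",
        "staging": "v1.118.2",
        "prod-eu": "1.117.4",
        "prod-us": "v1.119.0",
    }
    for name in affected_landscapes(sample):
        print(f"{name}: {sample[name]} is affected, update required")
```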

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.