Primary

Context

Gardener Control Over Seed Clusters Vulnerability in gardenlet Component

Vulnerability

Patched

A critical vulnerability has been identified in the gardenlet component of Gardener, affecting versions prior to 1.116.4, 1.117.5, 1.118.2, and 1.119.0. This vulnerability allows users with administrative privileges in a Gardener project to gain control over the seed clusters managing their shoot clusters. The issue is present in all Gardener installations using the gardener/gardener-extension-provider-gcp.

Impact

Exploitation of this vulnerability could lead to unauthorized control over seed clusters, allowing manipulation of the shoot clusters managed within them.

Remediation

Users are advised to update to Gardener versions 1.116.4, 1.117.5, 1.118.2, or 1.119.0.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

7.5

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

7.5

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Gardener Control Over Seed Clusters Vulnerability in gardenlet Component

Vulnerability

Impact

Remediation

Affected Products

gardener/gardener

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating