VDB

GCVE-110-CLOUD-2024-0053

GCVE-110-CLOUD-2024-0053
Advisory Published
Vulnetix · Advisory published January 24, 2024
The system:authenticated group in Kubernetes is a special group that includes all authenticated entities, including human users and service accounts. Anyone who successfully authenticates to the Kubernetes API server, regardless of the authentication method used, will be automatically included in this unique group. Thus, it will share the same roles and permissions of the group. This misunderstanding then creates a significant security loophole when administrators unknowingly bind this group with overly permissive roles.

Affected Products

VendorProductVersionsPlatforms
GCPGKE
GCPCloud Services

References

advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›