Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service accounts token, leading to escalation of privileges via the secretes component in the k8s cluster
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.