Lucene search
GoogleOSV:GHSA-6FG2-HVJ9-832FHistoryMay 03, 2024 - 6:30 p.m.
piraeus-operator allows attacker to impersonate service account
2024-05-0318:30:36
Google
osv.dev
3
clusterrole
piraeus-operator
vulnerabilities
service account
permissions
confidential information
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/piraeusdatastore/piraeus-operator/v2 | le | 2.5.0 |
Related
cve
cve
CVE-2024-33398
2024-05-03 16:15:11
cvelist
cvelist
CVE-2024-33398
2024-05-03 00:00:00
github
github
piraeus-operator allows attacker to impersonate service account
2024-05-03 18:30:36
veracode
veracode
Improper Access Control
2024-05-07 06:45:54
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.1%
Related for OSV:GHSA-6FG2-HVJ9-832F