41 matches found
CVE-2024-45054
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-43403
Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...
GHSA-H27C-6XM3-MCQP Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation
Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a released Go package. For more information, see github/advisory-database/issues/5029. Original Advisory Summary This advisory affects the Kanister helm charts and not the go package Details The kanister...
CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation
Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...
CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation
Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...
CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation
Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...
CVE-2024-43403
Kanister (github.com/kanisterio/kanister) is affected by CVE-2024-43403 due to a deployment named default-kanister-operator bound to the Kubernetes ClusterRole edit. The edit ClusterRole includes permissive permissions (create/patch/update for daemonsets, create for serviceaccount/tokens, and imp...
Privilege Escalation
github.com/kubean-io/kubean is vulnerable to Privilege Escalation. The vulnerability is due to the ClusterRole being configured with excessive permissions, allowing a malicious user with access to a worker node to gain unauthorized control over the entire cluster...
PT-2024-29587 · Kubean · Kubean
Name of the Vulnerable Software and Affected Versions: Kubean versions prior to 0.18.0 Description: The issue concerns a cluster lifecycle management toolchain where the ClusterRole has excessive permissions, allowing a malicious user to abuse these permissions and perform any action on the whole...
SUSE SLES15: kubevirt-container-disk / kubevirt-manifests / kubevirt-tests / etc (SUSE-SU-2024:2246-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2246-1 advisory. - Collect component Role rules under operator Role instead of ClusterRole bsc1223965, CVE-2024-33394 - Ensure procps is...
Improper Privilege Management
Rancher is vulnerable to Improper Privilege Management. The vulnerability is due to privilege escalation checks not being properly enforced for RoleTemplate objects when external=true, allowing rules from a ClusterRole to be ignored under certain contexts, which has been fixed by introducing a ne...
Rancher's External RoleTemplates can lead to privilege escalation
Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...
GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation
Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...
Improper Access Control
kubevirt.io/kubevirt is vulnerable to Improper Access Control. The vulnerability is due to ClusterRole allowing excessive permissions to list all secrets in the cluster. This setup does not adhere to the principle of least privilege and potentially allowing an attacker to impersonate the service...
piraeus-operator allows attacker to impersonate service account
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
GHSA-6FG2-HVJ9-832F piraeus-operator allows attacker to impersonate service account
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
Summary: CVE-2024-33398 affects the piraeus-operator (versions ≤ 2.5.0). A ClusterRole is granted list secrets permission, enabling an attacker to impersonate the service account bound to that ClusterRole and leverage high-risk privileges to enumerate confidential information across the cluster. ...