Lucene search
K

41 matches found

NVD
NVD
added 2024/08/28 8:15 p.m.82 views

CVE-2024-45054

Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...

6.7CVSS0.00252EPSS
Exploits0References5
NVD
NVD
added 2024/08/20 10:15 p.m.12 views

CVE-2024-43403

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

8.8CVSS0.0052EPSS
Exploits0References2
OSV
OSV
added 2024/08/20 10:13 p.m.11 views

GHSA-H27C-6XM3-MCQP Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a released Go package. For more information, see github/advisory-database/issues/5029. Original Advisory Summary This advisory affects the Kanister helm charts and not the go package Details The kanister...

8.8CVSS8.6AI score0.0052EPSS
Exploits0References5
OSV
OSV
added 2024/08/20 9:16 p.m.6 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

8.8CVSS7AI score0.0052EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/20 9:16 p.m.18 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

8.8CVSS6.9AI score0.0052EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/20 9:16 p.m.20 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

8.8CVSS0.0052EPSS
Exploits0References2
CVE
CVE
added 2024/08/20 9:16 p.m.56 views

CVE-2024-43403

Kanister (github.com/kanisterio/kanister) is affected by CVE-2024-43403 due to a deployment named default-kanister-operator bound to the Kubernetes ClusterRole edit. The edit ClusterRole includes permissive permissions (create/patch/update for daemonsets, create for serviceaccount/tokens, and imp...

8.8CVSS8.7AI score0.0052EPSS
Exploits0References2
Veracode
Veracode
added 2024/08/06 9:5 a.m.9 views

Privilege Escalation

github.com/kubean-io/kubean is vulnerable to Privilege Escalation. The vulnerability is due to the ClusterRole being configured with excessive permissions, allowing a malicious user with access to a worker node to gain unauthorized control over the entire cluster...

6CVSS6.9AI score0.00414EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.4 views

PT-2024-29587 · Kubean · Kubean

Name of the Vulnerable Software and Affected Versions: Kubean versions prior to 0.18.0 Description: The issue concerns a cluster lifecycle management toolchain where the ClusterRole has excessive permissions, allowing a malicious user to abuse these permissions and perform any action on the whole...

7CVSS9.6AI score0.00414EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/07/02 12:0 a.m.11 views

SUSE SLES15: kubevirt-container-disk / kubevirt-manifests / kubevirt-tests / etc (SUSE-SU-2024:2246-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2246-1 advisory. - Collect component Role rules under operator Role instead of ClusterRole bsc1223965, CVE-2024-33394 - Ensure procps is...

5.9CVSS6.3AI score0.00324EPSS
Exploits0References4
Veracode
Veracode
added 2024/06/18 9:8 a.m.14 views

Improper Privilege Management

Rancher is vulnerable to Improper Privilege Management. The vulnerability is due to privilege escalation checks not being properly enforced for RoleTemplate objects when external=true, allowing rules from a ClusterRole to be ignored under certain contexts, which has been fixed by introducing a ne...

7.5CVSS7.2AI score0.00493EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/17 10:30 p.m.25 views

Rancher's External RoleTemplates can lead to privilege escalation

Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

7.5CVSS6.2AI score0.00493EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/06/17 10:30 p.m.23 views

GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation

Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References4
Veracode
Veracode
added 2024/05/07 6:44 a.m.8 views

Improper Access Control

kubevirt.io/kubevirt is vulnerable to Improper Access Control. The vulnerability is due to ClusterRole allowing excessive permissions to list all secrets in the cluster. This setup does not adhere to the principle of least privilege and potentially allowing an attacker to impersonate the service...

5.9CVSS6.7AI score0.00324EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/03 6:30 p.m.26 views

piraeus-operator allows attacker to impersonate service account

There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...

7.5CVSS6.8AI score0.00599EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/05/03 6:30 p.m.17 views

GHSA-6FG2-HVJ9-832F piraeus-operator allows attacker to impersonate service account

There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...

7.5CVSS7.3AI score0.00599EPSS
Exploits0References5
NVD
NVD
added 2024/05/03 4:15 p.m.22 views

CVE-2024-33398

There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...

7.5CVSS6.2AI score0.00599EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/03 12:0 a.m.15 views

CVE-2024-33398

There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...

6.5AI score0.00599EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/03 12:0 a.m.25 views

CVE-2024-33398

There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...

6.4AI score0.00599EPSS
Exploits0References4
CVE
CVE
added 2024/05/03 12:0 a.m.64 views

CVE-2024-33398

Summary: CVE-2024-33398 affects the piraeus-operator (versions ≤ 2.5.0). A ClusterRole is granted list secrets permission, enabling an attacker to impersonate the service account bound to that ClusterRole and leverage high-risk privileges to enumerate confidential information across the cluster. ...

7.5CVSS6.4AI score0.00599EPSS
Exploits0References4
Rows per page
Query Builder