The vulnerability of the component “koko” in the security audit system for the operation and maintenance of JumpServer, which allows a perpetrator to obtain a cluster token from Kubernetes.

The vulnerability of the koko component in the system for auditing security operations and maintenance of JumpServer is related to improper privilege assignment. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain a Kubernetes cluster token...