11 matches found
EUVD-2024-2482
Malicious code in bioql PyPI...
CVE-2024-41820
Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the...
GO-2024-3039 Kubean vulnerable to cluster-level privilege escalation in github.com/kubean-io/kubean
Kubean vulnerable to cluster-level privilege escalation in github.com/kubean-io/kubean...
CVE-2024-41820
Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the...
CVE-2024-41820 Cluster-level privilege escalation in kubean
Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the...
CVE-2024-41820 Cluster-level privilege escalation in kubean
Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the...
CVE-2024-41820 Cluster-level privilege escalation in kubean
Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the...
CVE-2024-41820
CVE-2024-41820: Kubean (cluster lifecycle management toolchain) exposes a ClusterRole with all verbs on all resources, enabling cluster‑level privilege escalation if an attacker gains access to a worker node hosting kubean. The issue is fixed in release 0.18.0; upgrade is advised. The Red Hat sec...
GHSA-3WFJ-3X8Q-HRPG Kubean vulnerable to cluster-level privilege escalation
Impact This ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. Patches =v0.18.0 Referenc...
Kubean vulnerable to cluster-level privilege escalation
Impact This ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. Patches =v0.18.0 Referenc...
PT-2024-29587 · Kubean · Kubean
Name of the Vulnerable Software and Affected Versions: Kubean versions prior to 0.18.0 Description: The issue concerns a cluster lifecycle management toolchain where the ClusterRole has excessive permissions, allowing a malicious user to abuse these permissions and perform any action on the whole...