CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege...

8.2CVSS6.7AI score0.00381EPSS

Exploits0References3

OSV•added 2025/05/06 3:37 p.m.•3 views

GO-2025-3656 Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin in volcano.sh/volcano

Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin in volcano.sh/volcano...

8.2CVSS6.7AI score0.00381EPSS

Exploits0References12

NVD•added 2025/04/30 7:15 p.m.•12 views

CVE-2025-32777

8.2CVSS0.00381EPSS

Exploits0References6

Snyk•added 2025/04/30 6:42 p.m.•1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when using either the Elastic service or the extender plugin. An attacker can cause the scheduler to crash or become completely unavailable to the cluster. This is only exploitable if...

8.9CVSS7AI score0.00381EPSS

Exploits0References3

Snyk•added 2025/04/30 6:42 p.m.•3 views

Allocation of Resources Without Limits or Throttling

8.9CVSS7AI score0.00381EPSS

Exploits0References3

Cvelist•added 2025/04/30 6:27 p.m.•22 views

CVE-2025-32777 Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin

8.2CVSS0.00381EPSS

Exploits0References6

Vulnrichment•added 2025/04/30 6:27 p.m.•5 views

CVE-2025-32777 Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin

8.2CVSS6.4AI score0.00381EPSS

Exploits0References6

Github Security Blog•added 2025/04/30 4:40 p.m.•8 views

Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin

Impact This issue allows an attacker who has compromised either the Elastic service or the extender plugin to cause denial of service of the scheduler. This is a privilege escalation, because Volcano users may run their Elastic service and extender plugins in separate pods or nodes from the...

8.2CVSS6.7AI score0.00381EPSS

Exploits0References14Affected Software1

CNNVD•added 2025/04/30 12:0 a.m.•1 views

Volcano 安全漏洞

Volcano is a batch processing system built on Kubernetes by Volcano Open Source. A security vulnerability exists in Volcano versions prior to 1.11.2, which stems from a service or plugin being under the control of an attacker and could lead to a denial of service and elevation of privilege...

8.2CVSS6.4AI score0.00381EPSS

Exploits0References6

OSV•added 2024/08/06 10:3 p.m.•11 views

GO-2024-3034 Volcano has insecure permissions in volcano.sh/volcano

Volcano has insecure permissions in volcano.sh/volcano...

9.8CVSS9.5AI score0.00476EPSS

Exploits0References6

Veracode•added 2024/07/27 9:58 a.m.•14 views

Privilege Escalation

github.com/volcano-sh/volcano is vulnerable to Privilege Escalation. The vulnerability is due to insecure permissions in Volcano, which allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

9.8CVSS6.9AI score0.00476EPSS

Exploits0References3Affected Software1

OSV•added 2024/07/24 9:31 p.m.•15 views

GHSA-5G3X-8G2V-R8X8 Volcano has insecure permissions

Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

9.8CVSS9.5AI score0.00476EPSS

Exploits0References7

Github Security Blog•added 2024/07/24 9:31 p.m.•13 views

Volcano has insecure permissions

Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

9.8CVSS6.9AI score0.00476EPSS

Exploits0References7Affected Software2