13 matches found
CVE-2024-45054
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has "*" verbs on "*" resources. If a malicious user can access the worker node that runs hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-45054 Potential Permission Leakage of Cluster Level in hwameistor
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has "*" verbs on "*" resources. If a malicious user can access the worker node that runs hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
PT-2024-31406 · Unknown · Hwameistor
Name of the Vulnerable Software and Affected Versions: Hwameistor versions prior to 0.14.6 Description: Hwameistor is a high-availability local storage system for cloud-native stateful workloads. This ClusterRole has excessive permissions, allowing a malicious user who can access the worker node...
CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation
Kanister is a data protection workflow management tool. Kanister has a deployment called default-kanister-operator, which is bound to a ClusterRole called edit via a ClusterRoleBinding. The "edit" ClusterRole is one of the ClusterRoles Kubernetes creates by default, and it has the create/patch/update...
Kubean vulnerable to cluster-level privilege escalation
Impact This ClusterRole has "*" verbs on "*" resources. If a malicious user can access the worker node that runs kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. Patches >=v0.18.0 Referenc...
GHSA-3WFJ-3X8Q-HRPG Kubean vulnerable to cluster-level privilege escalation
Impact This ClusterRole has "*" verbs on "*" resources. If a malicious user can access the worker node that runs kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. Patches >=v0.18.0 Referenc...
CVE-2023-30622 Clusternet has potential risk which can be leveraged to make a cluster-level privilege escalation
Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called cluster-hub inside the clusternet-syste...
CVE-2023-30622
CVE-2023-30622 affects Clusternet prior to 0.15.2. A deployment named cluster-hub in the clusternet-system namespace runs on worker nodes and uses the service account clusternet-hub, which is bound to the cluster role clusternet:hub. That cluster role has "*" verbs on "*.*" resources, enabling pri...
CVE-2023-2250
A flaw was found in the Open Cluster Management OCM when a user has access to the worker nodes, which contain the cluster-manager-registration-controller or cluster-manager deployments. This flaw allows a malicious user to bind the cluster-admin to any service account or use the service account t...
PT-2023-22819 · Unknown · Clusternet
Name of the Vulnerable Software and Affected Versions: Clusternet versions prior to 0.15.2 Description: Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in Clusternet can be leveraged to lead to a cluster-level privilege escalation...
CVE-2023-29018 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
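Every entry above describes the same shape of bug: a ClusterRole with wildcard verbs or resources (or a default role such as edit) bound through a ClusterRoleBinding to the ServiceAccount of a deployment scheduled on worker nodes, so node access becomes cluster-admin. The audit below is an added example written for this page, not code from any of the listed projects or advisories. It walks ClusterRole and ClusterRoleBinding objects in the JSON shape that `kubectl get clusterroles,clusterrolebindings -o json` returns, flags wildcard rules and the RBAC escalation verbs (bind, escalate, impersonate), and resolves which ServiceAccounts hold each flagged role. The sample objects are constructed for the example: the clusternet:hub role and clusternet-hub service account mirror the details in the CVE-2023-30622 entry, while example-viewer and example-binder are hypothetical names.

```python
"""Audit ClusterRoles for the pattern in the advisories above: wildcard or
escalation-capable rules bound to a ServiceAccount via a ClusterRoleBinding.

Input objects follow the JSON shape emitted by
`kubectl get clusterroles,clusterrolebindings -o json` (items only).
The sample objects below are constructed for this example.
"""
from collections import defaultdict

# Verbs that let a subject obtain more than it already holds
# (Kubernetes RBAC escalation-prevention rules): bind, escalate, impersonate.
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}


def risky_rules(role):
    """Return (reason, rule) pairs for overly broad rules in one ClusterRole."""
    findings = []
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            findings.append(("wildcard verbs on wildcard resources (cluster-admin equivalent)", rule))
        elif "*" in verbs:
            findings.append(("wildcard verbs", rule))
        elif "*" in resources:
            findings.append(("wildcard resources", rule))
        esc = verbs & ESCALATION_VERBS
        if esc:
            findings.append(("escalation verbs " + ",".join(sorted(esc)), rule))
    return findings


def serviceaccount_subjects(bindings):
    """Map ClusterRole name -> ['namespace/serviceaccount', ...] bound cluster-wide."""
    out = defaultdict(list)
    for binding in bindings:
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole":
            continue
        for subject in binding.get("subjects", []):
            # Users and groups are out of scope: a pod on a worker node can only
            # use the token of the ServiceAccount it runs as.
            if subject.get("kind") == "ServiceAccount":
                out[ref["name"]].append("%s/%s" % (subject.get("namespace", ""), subject["name"]))
    return out


def audit(roles, bindings):
    """Return (role name, reason, sorted bound service accounts) for every risky rule.

    Roles are reported even when no ServiceAccount is bound yet, because a
    later binding turns them into an escalation path; the empty list says so.
    """
    bound = serviceaccount_subjects(bindings)
    report = []
    for role in roles:
        name = role["metadata"]["name"]
        for reason, _rule in risky_rules(role):
            report.append((name, reason, sorted(bound.get(name, []))))
    return report


# Constructed sample data. clusternet:hub / clusternet-hub / clusternet-system
# follow the CVE-2023-30622 entry; the other names are hypothetical.
SAMPLE_ROLES = [
    {"metadata": {"name": "clusternet:hub"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "example-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "example-binder"},
     "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
                "resources": ["clusterrolebindings"], "verbs": ["create"]},
               {"apiGroups": ["rbac.authorization.k8s.io"],
                "resources": ["clusterroles"], "verbs": ["bind"]}]},
]

SAMPLE_BINDINGS = [
    {"metadata": {"name": "clusternet-hub"},
     "roleRef": {"kind": "ClusterRole", "name": "clusternet:hub"},
     "subjects": [{"kind": "ServiceAccount", "name": "clusternet-hub",
                   "namespace": "clusternet-system"}]},
    {"metadata": {"name": "example-binder-for-admins"},
     "roleRef": {"kind": "ClusterRole", "name": "example-binder"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]


if __name__ == "__main__":
    for name, reason, accounts in audit(SAMPLE_ROLES, SAMPLE_BINDINGS):
        print("%-16s %-60s bound SAs: %s" % (name, reason, accounts or "none"))
```

Against a live cluster, feed the `items` arrays from the two `kubectl get ... -o json` calls to `audit()`; any finding whose ServiceAccount belongs to a deployment that schedules onto worker nodes is exactly the condition these advisories describe, and the fix in each case was to replace the wildcard rule with the specific resources and verbs the controller needs.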