2 matches found
CVE-2023-30617 Leverage the kruise-daemon pod to list all secrets in the entire cluster
Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entir...
CVE-2023-30617
CVE-2023-30617 affects Kruise in Kubernetes. If an attacker gains root on a node where the kruise-daemon runs, they can use the kruise-daemon pod to list all cluster secrets, then leverage captured secrets (e.g., the kruise-manager service account token) to escalate privileges such as pod modific...