2 matches found
Improper Authorization
Shopper is vulnerable to Improper Authorization. The vulnerability is due to missing and improperly enforced authorization checks in the team settings, which allows an authenticated attacker to create roles, modify permissions, escalate privileges to administrator, and remove legitimate...
CVE-2023-32191
When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...