CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-1506

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00056EPSS

Exploits1References6

RedhatCVE•added 2025/05/23 6:5 a.m.•2 views

CVE-2023-30840

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

7.8CVSS7AI score0.00056EPSS

Exploits1References1

OSV•added 2024/08/20 8:29 p.m.•11 views

GO-2023-1763 On a compromised node, the fluid-csi service account can be used to modify node specs in github.com/fluid-cloudnative/fluid

On a compromised node, the fluid-csi service account can be used to modify node specs in github.com/fluid-cloudnative/fluid...

7.8CVSS6.2AI score0.00056EPSS

Exploits1References5

Veracode•added 2023/05/11 4:47 a.m.•19 views

Privilege Escalation

github.com/fluid-cloudnative/fluid is vulnerable to Privilege Escalation. If a malicious user is able to take control of a Kubernetes node running the fluid csi pod, they can use the fluid-csi service account to alter the specifications of all nodes in the cluster. Once the attacker has identifie...

7.8CVSS6.6AI score0.00056EPSS

Exploits1References5Affected Software1

OSV•added 2023/05/09 7:58 p.m.•22 views

GHSA-93XX-CVMC-9W3V On a compromised node, the fluid-csi service account can be used to modify node specs

Impact If a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid node-daemonset, he/she can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks "list node"...

4CVSS6.4AI score0.00056EPSS

Exploits1References6