15 matches found
EUVD-2024-2617
Malicious code in bioql PyPI...
CVE-2024-45054
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-36534
Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
GO-2024-3103 Hwameistor Potential Permission Leakage of Cluster Level in github.com/hwameistor/hwameistor
Hwameistor Potential Permission Leakage of Cluster Level in github.com/hwameistor/hwameistor...
CVE-2024-45054
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-45054 Potential Permission Leakage of Cluster Level in hwameistor
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-45054 Potential Permission Leakage of Cluster Level in hwameistor
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-45054
CVE-2024-45054 affects Hwameistor’s clusterrole permissions, allowing a user with access to a worker node to abuse excessive privileges and achieve cluster‑level privilege escalation. Multiple connected sources confirm the issue and point to a fix in Hwameistor v0.14.6. Impact is limited to misco...
CVE-2024-45054 Potential Permission Leakage of Cluster Level in hwameistor
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
PT-2024-31406 · Unknown · Hwameistor
Name of the Vulnerable Software and Affected Versions: Hwameistor versions prior to 0.14.6 Description: Hwameistor is a high-availability local storage system for cloud-native stateful workloads. This ClusterRole has excessive permissions, allowing a malicious user who can access the worker node...
HwameiStor 安全漏洞
HwameiStor is a Kubernetes-native Container Attached Storage CAS solution open-sourced by HwameiStor. A security vulnerability exists in HwameiStor that stems from a privilege management exception...
CVE-2024-36534
Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
CVE-2024-36534
Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
CVE-2024-36534
CVE-2024-36534 affects hwameistor v0.14.3 and earlier, with insecure permissions allowing an attacker to access sensitive data and escalate privileges by obtaining a service account token. The issue stems from misconfigured permissions that permit token access and privilege elevation within the s...
HwameiStor 安全漏洞
HwameiStor is a Kubernetes-native Container Attached Storage CAS solution open-sourced by HwameiStor. A security vulnerability exists in HwameiStor v0.14.3 and earlier versions, which stems from the presence of an insecure privilege that allows an attacker to access sensitive data and elevate...