12 matches found

RedhatCVE
added 2025/02/05 12:38 p.m. · 6 views

CVE-2024-43403

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS · 6.7 AI score · 0.00089 EPSS
Exploits: 0 · References: 1
OSV
added 2024/08/22 8:3 p.m. · 7 views

GO-2024-3080 Kanister vulnerable to cluster-level privilege escalation in github.com/kanisterio/kanister

Kanister vulnerable to cluster-level privilege escalation in github.com/kanisterio/kanister...

8.8 CVSS · 8.8 AI score · 0.00089 EPSS
Exploits: 0 · References: 3
Veracode
added 2024/08/21 5:43 a.m. · 10 views

Improper Privilege Management

github.com/kanisterio/kanister is vulnerable to Improper Privilege Management. The vulnerability is due to the edit ClusterRole having overly permissive permissions, including create, patch, and update verbs for daemonset resources, create verb for serviceaccount/token resources. An attacker can...

8.8 CVSS · 7.2 AI score · 0.00089 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2024/08/20 10:15 p.m. · 9 views

CVE-2024-43403

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS · 0.00089 EPSS
Exploits: 0 · References: 2
Github Security Blog
added 2024/08/20 10:13 p.m. · 22 views

Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a released Go package. For more information, see github/advisory-database/issues/5029. Original Advisory Summary This advisory affects the Kanister helm charts and not the go package Details The kanister...

8.8 CVSS · 8.7 AI score · 0.00089 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2024/08/20 10:13 p.m. · 10 views

GHSA-H27C-6XM3-MCQP Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a released Go package. For more information, see github/advisory-database/issues/5029. Original Advisory Summary This advisory affects the Kanister helm charts and not the go package Details The kanister...

8.8 CVSS · 8.6 AI score · 0.00089 EPSS
Exploits: 0 · References: 5
Cvelist
added 2024/08/20 9:16 p.m. · 14 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS · 0.00089 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/08/20 9:16 p.m. · 16 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS · 6.9 AI score · 0.00089 EPSS
Exploits: 0 · References: 2
CVE
added 2024/08/20 9:16 p.m. · 47 views

CVE-2024-43403

Kanister (github.com/kanisterio/kanister) is affected by CVE-2024-43403 due to a deployment named default-kanister-operator bound to the Kubernetes ClusterRole edit. The edit ClusterRole includes permissive permissions (create/patch/update for daemonsets, create for serviceaccount/tokens, and imp...

8.8 CVSS · 8.7 AI score · 0.00089 EPSS
Exploits: 0 · References: 2
OSV
added 2024/08/20 9:16 p.m. · 2 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS · 7 AI score · 0.00089 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/08/20 12:0 a.m. · 2 views

Kanister Security Vulnerability

Kanister is a data protection workflow management tool from Kanister Open Source. A security vulnerability exists in Kanister that stems from a cluster-level privilege elevation that can be performed by a malicious user by accessing a worker node...

8.8 CVSS · 6.6 AI score · 0.00089 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/08/20 12:0 a.m. · 2 views

PT-2024-30561 · Kanister +1 · Kanister +1

Name of the Vulnerable Software and Affected Versions: Kanister affected versions not specified Description: Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding...

8.8 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits: 0 · References: 20