The vulnerability of the karmada-operator and karmadactl packages from the Kubernetes cluster management system allows a hacker to write arbitrary files to the basic file system, enabling them to run cloud applications on multiple Karmada clusters.

The vulnerability of the karmada-operator and karmadactl packages from the Kubernetes cluster management system, which are used to run cloud applications across multiple Karmada clusters, is related to an incorrect path name limitation for accessing the restricted directory. Exploiting this...