6 matches found
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
piraeus-operator allows attacker to impersonate service account
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
Summary: CVE-2024-33398 affects the piraeus-operator (versions ≤ 2.5.0). A ClusterRole is granted list secrets permission, enabling an attacker to impersonate the service account bound to that ClusterRole and leverage high-risk privileges to enumerate confidential information across the cluster. ...
PT-2024-25231 · Unknown · Piraeus-Operator
Name of the Vulnerable Software and Affected Versions: piraeus-operator versions 2.5.0 and earlier Description: The issue allows an attacker to impersonate the service account bound to a ClusterRole in piraeus-operator, which has been granted list secrets permission. This permission enables the...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...