Lucene search
+L

3 matches found

vulnrichment
vulnrichment
added 2023/05/08 5:45 p.m.5 views

CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

5.8CVSS7.7AI score0.00236EPSS
Exploits0References4
osv
osv
added 2023/03/16 4:4 p.m.30 views

GHSA-CP96-JPMQ-XRR2 On a compromised node, the virt-handler service account can be used to modify all node specs

Impact If a malicious user has taken over a Kubernetes node where virt-handler the KubeVirt node-daemon is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can for instance read all secrets on t...

8.2CVSS7.9AI score0.00611EPSS
Exploits0References4
github
github
added 2023/03/16 4:4 p.m.41 views

On a compromised node, the virt-handler service account can be used to modify all node specs

Impact If a malicious user has taken over a Kubernetes node where virt-handler the KubeVirt node-daemon is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can for instance read all secrets on t...

8.2CVSS7.7AI score0.00611EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder