3 matches found
GHSA-3WFJ-3X8Q-HRPG Kubean vulnerable to cluster-level privilege escalation
Impact This ClusterRole has verbs of resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. Patches =v0.18.0 Referenc...
GHSA-93XX-CVMC-9W3V On a compromised node, the fluid-csi service account can be used to modify node specs
Impact If a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid node-daemonset, he/she can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks "list node"...
USN-5307-1: QEMU vulnerabilities
Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2021-20196 Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. A...