9 matches found
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
GO-2024-2811 piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator
piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator...
Improper Access Control
github.com/piraeusdatastore/piraeus-operator is vulnerable to Improper access control. The vulnerability is due to the ClusterRole being granted excessive permissions, specifically the ability to list all secrets in the cluster, which allows an attacker to impersonate the service account bound to...
GHSA-6FG2-HVJ9-832F piraeus-operator allows attacker to impersonate service account
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...
Piraeus Operator 安全漏洞
Piraeus Operator is a Piraeus open source for managing LINSTOR clusters in Kubernetes. A security vulnerability exists in Piraeus Operator v2.5.0 and earlier versions, which originated from a vulnerability that allows an attacker to impersonate a service account bound to ClusterRole and use its...
CVE-2024-33398
Summary: CVE-2024-33398 affects the piraeus-operator (versions ≤ 2.5.0). A ClusterRole is granted list secrets permission, enabling an attacker to impersonate the service account bound to that ClusterRole and leverage high-risk privileges to enumerate confidential information across the cluster. ...
CVE-2024-33398
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster...