CubeFS is vulnerable to Privilege Escalation. The vulnerability is due to not restricting/restraining the secrets which are accessed by DaemonSet of CubeFS. This can lead to an attacker controlling a worker node to make a cluster-level privilege escalation by leveraging the pod controlled by DaemonSet to get/list ALL secrets. (e.g., the cluster’s admin secret)