Lucene search
Veracode Vulnerability DatabaseVERACODE:46774HistoryMay 07, 2024 - 6:45 a.m.
Improper Access Control
2024-05-0706:45:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
github.com/piraeusdatastore/piraeus-operator
vulnerability
improper access control
listing
cluster secrets
attacker
service account
github.com/piraeusdatastore/piraeus-operator is vulnerable to Improper access control. The vulnerability is due to the ClusterRole being granted excessive permissions, specifically the ability to list all secrets in the cluster, which allows an attacker to impersonate the service account bound to this ClusterRole and list confidential information across the cluster.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/piraeusdatastore/piraeus-operator | le | v2.4.0 | |
| github.com/piraeusdatastore/piraeus-operator | le | v2.4.0 |
Related
cve
cve
CVE-2024-33398
2024-05-03 16:15:11
osv
osv
piraeus-operator allows attacker to impersonate service account
2024-05-03 18:30:36
github
github
piraeus-operator allows attacker to impersonate service account
2024-05-03 18:30:36
cvelist
cvelist
CVE-2024-33398
2024-05-03 00:00:00