CVE-2024-41820

5 Ago 2024

Título es

CVE-2024-41820

Lun, 05/08/2024 – 20:15

Tipo

CWE-732

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-41820

Descripción en

Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has `*` verbs of `*` resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been addressed in release version 0.18.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

05/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

6.00

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/kubean-io/kubean/commit/167e97329e4a27ba2f456d2846d39af20e1af7ef

https://github.com/kubean-io/kubean/issues/1326

https://github.com/kubean-io/kubean/security/advisories/GHSA-3wfj-3x8q-hrpg

Enviar en el boletín