Headline
GHSA-9337-8c6c-c2xg: CubeFS allows Kubernetes cluster-level privilege escalation
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because the DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.
High severity GitHub Reviewed Published Apr 12, 2023 to the GitHub Advisory Database • Updated Apr 12, 2023
Related news
CVE-2023-30512: [Bug]: A potential risk in kubefs which can be leveraged to make a cluster-level privilege escalation · Issue #1882 · cubefs/cubefs
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because the DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.
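A defender-side audit for the condition described above, as an added example that is not code from CubeFS or the advisory: it flags DaemonSets whose service account is bound through a ClusterRoleBinding to a ClusterRole that can list or watch secrets. Only the role name cfs-csi-cluster-role comes from the advisory; the rule contents, service account, namespace and DaemonSet names are constructed assumptions.

```python
# Constructed sample objects. Only the role name cfs-csi-cluster-role comes from
# the advisory; every other name, namespace and rule below is an assumption.
CLUSTER_ROLES = [
    {"metadata": {"name": "cfs-csi-cluster-role"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "example-apps-reader"},
     "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["list"]}]},
]
BINDINGS = [
    {"roleRef": {"kind": "ClusterRole", "name": "cfs-csi-cluster-role"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "cubefs", "name": "example-csi-sa"}]},
]
DAEMONSETS = [
    {"metadata": {"namespace": "cubefs", "name": "example-csi-node"},
     "spec": {"template": {"spec": {"serviceAccountName": "example-csi-sa"}}}},
    {"metadata": {"namespace": "logging", "name": "example-log-agent"},
     "spec": {"template": {"spec": {}}}},
]

def rule_reads_all_secrets(rule):
    """True if a ClusterRole rule returns Secret contents in bulk (list/watch)."""
    groups, res, verbs = (set(rule.get(k, [])) for k in ("apiGroups", "resources", "verbs"))
    return bool(groups & {"", "*"}) and bool(res & {"secrets", "*"}) \
        and bool(verbs & {"list", "watch", "*"})

def risky_daemonsets(cluster_roles, bindings, daemonsets):
    """Return (namespace, daemonset, service_account, role) for each DaemonSet
    whose service account is bound cluster-wide to a secret-listing ClusterRole."""
    risky = {r["metadata"]["name"] for r in cluster_roles
             if any(rule_reads_all_secrets(x) for x in r.get("rules", []))}
    granted = {}
    for b in bindings:  # ClusterRoleBinding objects: the grant applies in every namespace
        ref = b["roleRef"]
        if ref["kind"] == "ClusterRole" and ref["name"] in risky:
            for s in b.get("subjects", []):
                if s["kind"] == "ServiceAccount":
                    granted[(s["namespace"], s["name"])] = ref["name"]
    findings = []
    for ds in daemonsets:
        ns = ds["metadata"]["namespace"]
        sa = ds["spec"]["template"]["spec"].get("serviceAccountName", "default")
        if (ns, sa) in granted:
            findings.append((ns, ds["metadata"]["name"], sa, granted[(ns, sa)]))
    return findings

if __name__ == "__main__":
    for finding in risky_daemonsets(CLUSTER_ROLES, BINDINGS, DAEMONSETS):
        print("node-level workload can read all secrets:", finding)
```

On a live cluster the three lists can be taken from the `items` arrays of `kubectl get clusterroles -o json`, `kubectl get clusterrolebindings -o json` and `kubectl get daemonsets -A -o json`.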