Headline
GHSA-3wfj-3x8q-hrpg: Kubean vulnerable to cluster-level privilege escalation
Impact
This ClusterRole has `*` verbs on `*` resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation.
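The advisory describes the classic RBAC failure mode: a ClusterRole whose rule grants `*` verbs on `*` resources is equivalent to cluster-admin, and any pod (or node) holding the bound ServiceAccount token inherits that power. The audit script below is an added example, not kubean's code and not its actual manifest. It walks the object list that `kubectl get clusterroles,clusterrolebindings -o json` would produce, flags wildcard rules, and maps each flagged ClusterRole to the ServiceAccounts bound to it. The two ClusterRoles, their bindings, and all names in `SAMPLE_JSON` are constructed samples: one shows the over-broad shape the advisory warns about, the other a least-privilege rewrite scoped to named resources and verbs.

```python
"""Flag ClusterRoles granting '*' verbs on '*' resources and list the
ServiceAccounts bound to them (added audit example; constructed sample input)."""
import json

# Constructed sample shaped like `kubectl get clusterroles,clusterrolebindings -o json`.
# Names are hypothetical, not kubean's real objects.
SAMPLE_JSON = json.dumps({
    "items": [
        # Over-broad: any verb on any resource in any API group == cluster-admin.
        {"kind": "ClusterRole", "metadata": {"name": "example-operator"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        # Least-privilege rewrite: only the resources and verbs the workload needs.
        {"kind": "ClusterRole", "metadata": {"name": "example-operator-scoped"},
         "rules": [
             {"apiGroups": [""], "resources": ["configmaps", "secrets"],
              "verbs": ["get", "list", "watch"]},
             {"apiGroups": ["batch"], "resources": ["jobs"],
              "verbs": ["create", "get", "list", "watch", "delete"]}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "example-operator-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "example-operator"},
         "subjects": [{"kind": "ServiceAccount", "name": "operator",
                       "namespace": "example-system"}]},
        {"kind": "ClusterRoleBinding",
         "metadata": {"name": "example-operator-scoped-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "example-operator-scoped"},
         "subjects": [{"kind": "ServiceAccount", "name": "operator-scoped",
                       "namespace": "example-system"}]},
    ]
})


def is_wildcard_rule(rule):
    """True when a single rule grants every verb on every resource."""
    return "*" in rule.get("verbs", []) and "*" in rule.get("resources", [])


def wildcard_clusterroles(items):
    """Sorted names of ClusterRoles with at least one '*' verbs on '*' resources rule."""
    return sorted(
        obj["metadata"]["name"]
        for obj in items
        if obj.get("kind") == "ClusterRole"
        and any(is_wildcard_rule(r) for r in obj.get("rules", []))
    )


def bound_subjects(items, role_names):
    """Map each flagged ClusterRole to 'namespace/name' of bound ServiceAccounts."""
    out = {name: [] for name in role_names}
    for obj in items:
        if obj.get("kind") != "ClusterRoleBinding":
            continue
        ref = obj.get("roleRef", {})
        if ref.get("kind") == "ClusterRole" and ref.get("name") in out:
            for subject in obj.get("subjects", []):
                if subject.get("kind") == "ServiceAccount":
                    out[ref["name"]].append(
                        f'{subject.get("namespace", "")}/{subject["name"]}')
    return out


def audit(raw_json):
    """Parse the object list and return {wildcard ClusterRole: [bound ServiceAccounts]}."""
    items = json.loads(raw_json)["items"]
    return bound_subjects(items, wildcard_clusterroles(items))


if __name__ == "__main__":
    for role, subjects in audit(SAMPLE_JSON).items():
        print(f"ClusterRole {role!r} grants * verbs on * resources; "
              f"bound ServiceAccounts: {subjects}")
```

On a live cluster the built-in `cluster-admin` ClusterRole is flagged too, by design, so allow-list it and treat every other hit as a finding: the ServiceAccount it names is the credential whose token, if readable from a compromised worker node, yields the cluster-level escalation the advisory describes. The fix is the scoped shape shown in the second sample, not a narrower binding.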
Patches
>=v0.18.0
References
Reported by @younaman (Nanzi Yang): https://github.com/kubean-io/kubean/issues/1326
Package
gomod github.com/kubean-io/kubean (Go)
Affected versions
< 0.18.0
Patched versions
0.18.0
References
- GHSA-3wfj-3x8q-hrpg
- kubean-io/kubean#1326
- kubean-io/kubean@167e973
tu1h published to kubean-io/kubean
Aug 5, 2024
Published to the GitHub Advisory Database
Aug 5, 2024
Reviewed
Aug 5, 2024
Last updated
Aug 5, 2024