ByteOS Network

NVD Vulnerability Details :

CVE-2024-41820

Received

Source-security-advisories@github.com

Published At-05 Aug, 2024 | 20:15

Updated At-05 Aug, 2024 | 20:15

Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has `*` verbs of `*` resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been addressed in release version 0.18.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.0	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

Type: Secondary

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

Weaknesses

CWE ID	Type	Source
CWE-732	Secondary	security-advisories@github.com

CWE ID: CWE-732

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/kubean-io/kubean/commit/167e97329e4a27ba2f456d2846d39af20e1af7ef	security-advisories@github.com	N/A
https://github.com/kubean-io/kubean/issues/1326	security-advisories@github.com	N/A
https://github.com/kubean-io/kubean/security/advisories/GHSA-3wfj-3x8q-hrpg	security-advisories@github.com	N/A