Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Piraeus Operator 安全漏洞
Vulnerability Description
Piraeus Operator是Piraeus开源的一个用于管理 Kubernetes 中 LINSTOR 集群的软件。 Piraeus Operator v2.5.0 及之前版本存在安全漏洞,该漏洞源于允许攻击者冒充 ClusterRole 绑定的服务帐户,并利用其高危权限列出整个集群的机密信息。
CVSS Information
N/A
Vulnerability Type
N/A