Vulnerability Information
Vulnerability Title
Kamaji's RBAC Roles for `etcd` are not disjunct
Vulnerability Description
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in its RBAC for etcd roles, which lets some Tenant Control Plane (TCP) API servers read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Access Control
Vulnerability Title
Kamaji Security Vulnerability
Vulnerability Description
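Kamaji is an open-source Kubernetes control plane manager from Clastix Labs. Kamaji versions 1.0.0 and earlier contain a security vulnerability. An attacker exploiting this vulnerability can cause certain TCP API servers to be able to read, write, and delete data.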
CVSS Information
N/A
Vulnerability Type
N/A