Vulnerability Information
Vulnerability Title
Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation
Vulnerability Description
Kanister is a data protection workflow management tool. Kanister has a deployment called default-kanister-operator, which is bound to a ClusterRole called edit via a ClusterRoleBinding. The "edit" ClusterRole is one of the ClusterRoles Kubernetes creates by default, and it has the create/patch/update verbs on daemonset resources, the create verb on serviceaccount/token resources, and the impersonate verb on serviceaccounts resources. A malicious user with access to a worker node that runs this component can leverage it to perform a cluster-level privilege escalation.
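An added audit example (not part of the advisory or the Kanister project): it flags service accounts that receive, through a ClusterRoleBinding, any of the permissions the description lists. The input mimics the items of `kubectl get clusterroles,clusterrolebindings -o json`; the binding, namespace and service account names and the trimmed role rules are constructed.

```python
import json

# Verb/resource pairs the advisory names as the escalation-relevant permissions.
RISKY = [("daemonsets", {"create", "patch", "update"}),
         ("serviceaccounts/token", {"create"}),
         ("serviceaccounts", {"impersonate"})]

def risky_grants(role):
    """Return the sorted 'verb resource' pairs from RISKY that a ClusterRole allows."""
    found = set()
    for r in role.get("rules") or []:
        resources, verbs = set(r.get("resources", [])), set(r.get("verbs", []))
        for resource, bad in RISKY:
            if resource in resources or "*" in resources:
                found.update(f"{v} {resource}" for v in (bad if "*" in verbs else bad & verbs))
    return sorted(found)

def audit(items):
    """Map 'namespace/name' of each ServiceAccount to risky grants held cluster-wide."""
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "ClusterRole"}
    report = {}
    for crb in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        grants = risky_grants(roles.get(crb["roleRef"]["name"], {}))
        for subj in crb.get("subjects") or []:
            if grants and subj["kind"] == "ServiceAccount":
                key = f'{subj.get("namespace", "")}/{subj["name"]}'
                report[key] = sorted(set(report.get(key, [])) | set(grants))
    return report

def mk_rule(resources, verbs):
    return {"resources": resources, "verbs": verbs}

def mk_binding(name, role, sa):
    return {"kind": "ClusterRoleBinding", "metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "ServiceAccount", "name": sa, "namespace": "example-ns"}]}

# Constructed sample: "edit" is trimmed to the rules the advisory lists; the
# binding, namespace and service account names are placeholders.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "edit"}, "rules": [
        mk_rule(["daemonsets"], ["create", "patch", "update"]),
        mk_rule(["serviceaccounts/token"], ["create"]),
        mk_rule(["serviceaccounts"], ["impersonate"])]},
    {"kind": "ClusterRole", "metadata": {"name": "view"}, "rules": [
        mk_rule(["daemonsets"], ["get", "list", "watch"])]},
    mk_binding("example-operator-edit", "edit", "example-operator-sa"),
    mk_binding("example-readonly", "view", "example-reader-sa"),
]

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Any service account this reports holds the listed permissions in every namespace, so a namespaced RoleBinding or a narrower custom role is the usual replacement to evaluate.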
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Privilege Management
Vulnerability Title
Kanister Security Vulnerability
Vulnerability Description
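Kanister is an open-source data protection workflow management tool from Kanister. Kanister has a security vulnerability that arises because a malicious user can perform a cluster-level privilege escalation by accessing a worker node.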
CVSS Information
N/A
Vulnerability Type
N/A