Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation
Vulnerability Description
Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Kanister 安全漏洞
Vulnerability Description
Kanister是Kanister开源的一个数据保护工作流管理工具。 Kanister存在安全漏洞,该漏洞源于恶意用户可以通过访问工作节点来进行集群级特权提升。
CVSS Information
N/A
Vulnerability Type
N/A