Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential Permission Leakage of Cluster Level in hwameistor
Vulnerability Description
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been patched in version 0.14.6. All users are advised to upgrade. Users unable to upgrade should update and limit the ClusterRole using security-role.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
HwameiStor 安全漏洞
Vulnerability Description
HwameiStor是HwameiStor开源的一款 Kubernetes 原生的容器附加存储 (CAS) 解决方案。 HwameiStor 存在安全漏洞,该漏洞源于权限管理异常。
CVSS Information
N/A
Vulnerability Type
N/A