Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
未有动机的代理或中间人(混淆代理)
Vulnerability Title
kro(Kube Resource Orchestrator) 安全漏洞
Vulnerability Description
kro(Kube Resource Orchestrator)是kro-run开源的一个资源编排器。 kro(Kube Resource Orchestrator)0.2.1之前版本存在安全漏洞,该漏洞源于允许用户提供任意容器镜像,可能导致集群节点上未经身份验证的远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A