Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pepr Overly Permissive RBAC ClusterRole in Admin Mode
Vulnerability Description
Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with Pepr and create resources dynamically without needing to pre-configure RBAC. This vulnerability is fixed in 1.0.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Vulnerability Type
最小特权原则违背
Vulnerability Title
Pepr 安全漏洞
Vulnerability Description
Pepr是Defense Unicorns开源的一个中间件。 Pepr 1.0.5之前版本存在安全漏洞,该漏洞源于默认使用集群管理员RBAC配置且未强制执行最小权限原则。
CVSS Information
N/A
Vulnerability Type
N/A