Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Vulnerability Description
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Removing the `inter-ns` NetworkPolicy patches the vulnerability in version 0.2.1. If updates are not possible in production environments, manually delete `inter-ns` and update as soon as possible. Given one's context, delete the failing network policy that should be prefixed by `inter-ns-` in the target namespace.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Romeo 访问控制错误漏洞
Vulnerability Description
Romeo是CTFer.io开源的一个Go应用代码覆盖率计算工具。 Romeo 0.2.1之前版本存在访问控制错误漏洞,该漏洞源于网络策略配置不当,可能导致横向移动。
CVSS Information
N/A
Vulnerability Type
N/A