Vulnerability Information
Vulnerability Title
kcp's cache server is accessible without authentication or authorization checks
Vulnerability Description
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
Missing authorization mechanism
Vulnerability Title
kcp security vulnerability
Vulnerability Description
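kcp is an open-source, Kubernetes-like control plane from kcp-dev, for Kubernetes and containers. kcp versions prior to 0.30.3 and prior to 0.29.3 contain a security vulnerability that stems from the cache server being directly exposed while lacking authentication and authorization, which may allow anyone who can access the root shard to read and write to the cache server.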
CVSS Information
N/A
Vulnerability Type
N/A