CVE-2024-32359
6.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- http://carina.com
- https://github.com/HouqiyuA/k8s-rbac-poc
- https://github.com/carina-io/carina
- https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906
References
- https://github.com/HouqiyuA/k8s-rbac-poc
- https://github.com/carina-io/carina
- https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.