CVE-2024-33398

Published: May 3, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/HouqiyuA/k8s-rbac-poc

https://github.com/piraeusdatastore/piraeus-operator

https://piraeus.io/

https://gist.github.com/HouqiyuA/d0c11fae5ba4789946ae33175d0f9edb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-33398

Description

Affected Products

References