CVE-2024-41820
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/08/2024
Last modified:
06/08/2024
Description
Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has `*` verbs of `*` resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been addressed in release version 0.18.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Impact
Base Score 3.x
6.00
Severity 3.x
MEDIUM