CVE-2024-42480

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/08/2024
Last modified:
16/08/2024

Description

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:clastix:kamaji:*:*:*:*:*:*:*:* edge-24.8.2 (excluding)