CVE-2024-42480
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/08/2024
Last modified:
16/08/2024
Description
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.
Impact
Base Score 3.x
9.90
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:clastix:kamaji:*:*:*:*:*:*:*:* | edge-24.8.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page