CVE-2024-36533

CVSS 9.8 CRITICAL · EPSS 0.5% · CWE-1259
In short

Volcano v1.8.2 has insecure file permissions that allow attackers to steal the service account token, giving them full access to sensitive data and administrative capabilities. This is a critical flaw that can compromise the entire system.

Technical detail

Improper permission configuration in Volcano v1.8.2 exposes service account credentials, enabling unauthorized token retrieval via local or network access. Successful exploitation grants privilege escalation and unrestricted access to protected resources managed by the service account.

Summary generated and translated by AI from the official description.
Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
