This ClusterRole has *
verbs of *
resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation.
=v0.18.0
Reporting by @younaman(Nanzi Yang) https://github.com/kubean-io/kubean/issues/1326
{ "nvd_published_at": "2024-08-05T20:15:35Z", "cwe_ids": [ "CWE-276", "CWE-732" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-08-05T16:07:50Z" }