Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.
References
Configurations
History
16 Aug 2024, 16:24
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:a:clastix:kamaji:*:*:*:*:*:*:*:* | |
References | () https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24 - Product | |
References | () https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db - Patch | |
References | () https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5 - Exploit, Vendor Advisory | |
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
First Time |
Clastix
Clastix kamaji |
12 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 16:15
Updated : 2024-08-16 16:24
NVD link : CVE-2024-42480
Mitre link : CVE-2024-42480
CVE.ORG link : CVE-2024-42480
JSON object : View
Products Affected
clastix
- kamaji
CWE