CVE-2024-42480

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:clastix:kamaji:*:*:*:*:*:*:*:*

History

16 Aug 2024, 16:24

Type Values Removed Values Added
Summary
  • (es) Kamaji es el administrador del plano de control alojado para Kubernetes. En las versiones 1.0.0 y anteriores, Kamaji utiliza una definición de rango "abierto en la parte superior" en RBAC para funciones etcd, lo que permite que algunos servidores API de TCP puedan leer, escribir y eliminar los datos de otros planos de control. Esta vulnerabilidad se solucionó en edge-24.8.2.
CPE cpe:2.3:a:clastix:kamaji:*:*:*:*:*:*:*:*
References () https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24 - () https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24 - Product
References () https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db - () https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db - Patch
References () https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5 - () https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5 - Exploit, Vendor Advisory
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 9.9
First Time Clastix
Clastix kamaji

12 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 16:15

Updated : 2024-08-16 16:24


NVD link : CVE-2024-42480

Mitre link : CVE-2024-42480

CVE.ORG link : CVE-2024-42480


JSON object : View

Products Affected

clastix

  • kamaji
CWE
NVD-CWE-Other CWE-284

Improper Access Control