WS-2023-0110
April 21, 2023
Clusternet prior to 0.15.2 carries a potential risk that can be leveraged for cluster-level privilege escalation. Clusternet has a deployment called cluster-hub inside the clusternet-system Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called clusternet-hub, which is bound to a cluster role called clusternet:hub via a cluster role binding. The clusternet:hub cluster role has "*" verbs of "*.*" resources. Thus, a malicious user who can access the worker node that runs clusternet can leverage the service account to take malicious actions against critical system resources. For example, he/she can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation.
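An added example (not clusternet's code and not part of the advisory): a defender-side audit that flags ClusterRoles granting full wildcard access or cluster-wide secret reads, and lists the service accounts bound to them. The sample objects are constructed; only the names clusternet:hub, clusternet-hub and clusternet-system come from the advisory, and the rule contents are an assumption.

```python
import json

# Constructed sample, shaped like `kubectl get clusterroles,clusterrolebindings -o json`.
# Names follow the advisory; the rule contents are assumed ("*.*" is how
# `kubectl describe` renders resources "*" in apiGroups "*").
SAMPLE = {"items": [
    {"kind": "ClusterRole", "metadata": {"name": "clusternet:hub"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "example:pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "clusternet:hub"},
     "roleRef": {"kind": "ClusterRole", "name": "clusternet:hub"},
     "subjects": [{"kind": "ServiceAccount", "name": "clusternet-hub",
                   "namespace": "clusternet-system"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "example:pod-reader"},
     "roleRef": {"kind": "ClusterRole", "name": "example:pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "reader", "namespace": "default"}]},
]}

def rule_flags(rule):
    """Classify one RBAC rule: full wildcard and/or cluster-wide secret reads."""
    groups, res, verbs = (set(rule.get(k) or []) for k in ("apiGroups", "resources", "verbs"))
    flags = set()
    if "*" in groups and "*" in res and "*" in verbs:
        flags.add("wildcard")
    if groups & {"", "*"} and res & {"secrets", "*"} and verbs & {"get", "list", "watch", "*"}:
        flags.add("reads-secrets")
    return flags

def audit(objects):
    """Map each risky ClusterRole to its flags and the service accounts bound to it."""
    risky = {}
    for obj in objects["items"]:
        if obj["kind"] == "ClusterRole":
            flags = set().union(*(rule_flags(r) for r in obj.get("rules") or []))
            if flags:
                risky[obj["metadata"]["name"]] = {"flags": sorted(flags), "service_accounts": []}
    for obj in objects["items"]:
        ref = obj.get("roleRef") or {}
        if obj["kind"] != "ClusterRoleBinding" or ref.get("name") not in risky:
            continue
        for s in obj.get("subjects") or []:
            if s.get("kind") == "ServiceAccount":
                risky[ref["name"]]["service_accounts"].append(f'{s.get("namespace")}/{s["name"]}')
    return risky

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Any service account the audit reports is a credential whose token, mounted on whichever worker node runs the pod, carries the flagged permissions.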
CVSS v4
Base Score: 7
Attack Vector: LOCAL
Attack Complexity: HIGH
Attack Requirements: NONE
Privileges Required: HIGH
User Interaction: NONE
Vulnerable System Confidentiality: HIGH
Vulnerable System Integrity: LOW
Vulnerable System Availability: LOW
Subsequent System Confidentiality: HIGH
Subsequent System Integrity: LOW
Subsequent System Availability: LOW
CVSS v3
Base Score: 6.7
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: LOW
Availability: LOW