Nobuto-M

**Name of the Vulnerable Software and Affected Versions** OpenEBS versions prior to 0.10.0 **Description** OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable, potentially allowing non-privileged users to access sensitive data. The rawfile-localpv storage class creates persistent volume data under `/var/csi/rawfile/` on Kubernetes hosts by default, but the directory and data within it are world-readable. This could lead to a database breach if Kubernetes tenants are running databases like MySQL or PostgreSQL in containers. **Recommendations** Upgrade to version 0.10.0 or later.