Kamaji · Kamaji · CVE-2024-42480
**Name of the Vulnerable Software and Affected Versions**
Kamaji versions 1.0.0 and earlier
**Description**
The issue arises from Kamaji using an "open at the top" range definition in the etcd RBAC roles it creates, which allows the API servers of some Tenant Control Planes (TCPs) to read, write, and delete the data of other control planes. This can lead to full control over another TCP's data if that TCP's name and user certificates are obtainable. The root cause is the range end `0` in the etcd RBAC setup: in etcd this means "everything that comes after" the start key, so the grant potentially covers the key prefixes of all control planes whose names sort lexically after the current one.
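The following is an added audit helper, not Kamaji's own code, that models the etcd permission semantics described above: a grant whose range end is the single byte `0` matches every key at or after the start key, whereas a proper prefix grant ends at the start key with its last byte incremented. The tenant prefixes `/alpha/`, `/beta/` and `/gamma/` are constructed sample values and do not reflect Kamaji's real key layout.

```python
# Added example (not Kamaji code): check whether an etcd role grant for one
# tenant control plane spills over into other tenants' key prefixes.
# Tenant prefixes below are constructed, not Kamaji's actual layout.

TENANT_PREFIXES = [b"/alpha/", b"/beta/", b"/gamma/"]  # constructed sample


def prefix_range_end(key: bytes) -> bytes:
    """Range end etcd computes for a prefix grant: the key with its last
    byte incremented, dropping trailing 0xff bytes (carry). A key made
    only of 0xff bytes yields b'\\0', i.e. everything after the key."""
    end = bytearray(key)
    for i in range(len(end) - 1, -1, -1):
        if end[i] < 0xFF:
            end[i] += 1
            return bytes(end[: i + 1])
    return b"\0"


def range_covers(key: bytes, range_end: bytes, target: bytes) -> bool:
    """etcd permission semantics for a single grant:
    - empty range_end: exactly one key
    - range_end == b'\\0': every key >= key ("open at the top")
    - otherwise: the half-open interval [key, range_end)
    """
    if range_end == b"":
        return target == key
    if range_end == b"\0":
        return target >= key
    return key <= target < range_end


def leaked_prefixes(grant: tuple[bytes, bytes], own: bytes,
                    all_prefixes: list[bytes]) -> list[bytes]:
    """Return the other tenants' prefixes reachable through `grant`."""
    key, range_end = grant
    return [p for p in all_prefixes
            if p != own and range_covers(key, range_end, p)]


if __name__ == "__main__":
    own = b"/beta/"
    open_top = (own, b"\0")                     # the vulnerable grant shape
    scoped = (own, prefix_range_end(own))       # a proper prefix grant
    print("open-at-top leaks:", leaked_prefixes(open_top, own, TENANT_PREFIXES))
    print("prefix grant leaks:", leaked_prefixes(scoped, own, TENANT_PREFIXES))
```

The open-at-top grant for `/beta/` reaches `/gamma/` (which sorts after it) but not `/alpha/`, matching the lexical spill-over the advisory describes; the prefix-bounded grant reaches no other tenant.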
**Recommendations**
For Kamaji versions 1.0.0 and earlier, update to edge-24.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the etcd datastore and limiting use of the `--etcd-prefix` flag on the Kubernetes API server to minimize the risk of exploitation. Avoid using the `etcdctl role get` command with the example role to prevent potential data exposure.