CVE-2024-33396

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions karmada versions 1.9.0 and earlier

Description The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This is related to token handling and can be exploited for local privilege escalation.

Recommendations For versions 1.9.0 and earlier, patch to the latest version to resolve the issue. As a temporary workaround, consider limiting permissions and investigating token handling to minimize the risk of exploitation.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2024-33396

GHSA-WCCG-V638-J9Q2

GO-2024-2817

Affected Products

Karmada

CVE-2024-33396

Weakness Enumeration

Related Identifiers

Affected Products

References · 9