CVE-2023-51699

Name of the Vulnerable Software and Affected Versions Fluid versions prior to 0.9.3

Description The issue is an OS command injection vulnerability within the Fluid project's JuicefsRuntime. This vulnerability can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification, or deletion of data.

Recommendations For versions prior to 0.9.3, upgrade to version 0.9.3 to resolve the issue. As a temporary workaround, consider restricting access to the JuicefsRuntime component to minimize the risk of exploitation. Avoid using the vulnerable JuicefsRuntime until the issue is resolved.