PT-2024-27052 · Kruise · Kruise

Houqiyua · Published 2024-06-21 · Updated 2024-07-03 · CVE-2024-36532

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

kruise version 1.6.2

Description

The issue is related to insecure permissions, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Recommendations

For kruise version 1.6.2, update the permissions to restrict access to sensitive data and prevent privilege escalation. Consider temporarily restricting the service account's token access until a patch is available.

Fix

Weakness Enumeration

Improper Preservation of Permissions

Related Identifiers

CVE-2024-36532

Affected Products

Kruise