PT-2024-27053 · Volano · Volcano
Houqiyua
·
Published
2024-07-24
·
Updated
2024-08-06
·
CVE-2024-36533
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
volcano version 1.8.2
Description
The issue is related to insecure permissions, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token. This can be achieved through the
volcano.sh/volcano endpoint.Recommendations
For version 1.8.2, consider restricting access to the
volcano.sh/volcano endpoint to minimize the risk of exploitation. Additionally, review and adjust the permissions to prevent unauthorized access to sensitive data and privilege escalation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Volcano