PT-2024-29587 · Kubean
Younaman · Published 2024-08-05 · Updated 2024-08-06
CVE-2024-41820
CVSS v4.0: 7.0 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Kubean versions prior to 0.18.0
Description: The issue concerns a cluster lifecycle management toolchain whose ClusterRole carries excessive permissions. A malicious user who obtains the credentials bound to that ClusterRole can perform any action on the whole cluster, resulting in a cluster-level privilege escalation. This can occur if the malicious user gains access to a worker node on which Kubean's deployment is running.
Recommendations: For versions prior to 0.18.0, upgrade to release version 0.18.0 or later to address the issue. At the moment, there is no information about other workarounds for this issue.
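A defender-side check for the weakness class the advisory describes, added here as an example and not Kubean's own code: it audits ClusterRole manifests (parsed YAML or JSON as dicts) for wildcard, escalating, or secrets-level rules so an installed role can be compared against least privilege before and after the upgrade. The role names, rule lists and sample manifests are constructed for illustration.

```python
# Verbs that let a subject grow its own permissions even without "*".
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# Resources where access typically means node or cluster takeover.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "clusterroles", "clusterrolebindings"}


def rule_findings(rule: dict) -> list:
    """Return findings for one RBAC PolicyRule (empty list means nothing flagged)."""
    verbs = set(rule.get("verbs", []))
    resources = set(rule.get("resources", []))
    found = []
    if "*" in verbs and "*" in resources:
        found.append("wildcard verbs on wildcard resources (cluster-admin equivalent)")
    elif "*" in verbs:
        found.append(f"wildcard verbs on {sorted(resources)}")
    elif "*" in resources:
        found.append(f"wildcard resources for verbs {sorted(verbs)}")
    for v in sorted(verbs & ESCALATION_VERBS):
        found.append(f"privilege-escalating verb '{v}'")
    for r in sorted(resources & SENSITIVE_RESOURCES):
        found.append(f"access to sensitive resource '{r}' with verbs {sorted(verbs)}")
    return found


def audit_clusterrole(role: dict) -> list:
    """Audit every rule of a ClusterRole manifest; each finding names the rule index."""
    name = role.get("metadata", {}).get("name", "<unnamed>")
    return [f"{name} rule[{i}]: {f}"
            for i, rule in enumerate(role.get("rules", []))
            for f in rule_findings(rule)]


# Constructed manifests: an over-broad role of the kind the advisory describes,
# and one scoped to the few resources a lifecycle controller usually needs.
OVERBROAD_ROLE = {
    "kind": "ClusterRole", "metadata": {"name": "example-overbroad"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}
SCOPED_ROLE = {
    "kind": "ClusterRole", "metadata": {"name": "example-scoped"},
    "rules": [
        {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["batch"], "resources": ["jobs"], "verbs": ["get", "list", "watch", "create"]},
    ],
}

if __name__ == "__main__":
    for role in (OVERBROAD_ROLE, SCOPED_ROLE):
        print(role["metadata"]["name"], audit_clusterrole(role) or "ok")
```

To check a live cluster, feed the output of `kubectl get clusterrole <name> -o json` to `audit_clusterrole` after `json.load`.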


Weakness Enumeration: Incorrect Default Permissions; Incorrect Permission
Related Identifiers: CVE-2024-41820, GHSA-3WFJ-3X8Q-HRPG, GO-2024-3039
Affected Products: Kubean