PT-2024-31406 · Unknown · Hwameistor
Younaman · Published 2024-08-28 · Updated 2024-09-12 · CVE-2024-45054
CVSS v3.1: 6.7 (Medium)
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hwameistor versions prior to 0.14.6
Description
Hwameistor is a high-availability local storage system for cloud-native stateful workloads. The ClusterRole bound to Hwameistor's deployment has excessive permissions: a malicious user who can access a worker node running Hwameistor's deployment can abuse those permissions to perform any action on the whole cluster, resulting in cluster-level privilege escalation.
Recommendations
For versions prior to 0.14.6, upgrade to version 0.14.6 or later.
For users unable to upgrade, updating and limiting the ClusterRole (using security-role) is a temporary workaround.
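As an added illustration of "limit the ClusterRole" (example code, not Hwameistor's own manifest or code), the audit below flags the kinds of grants that turn a ClusterRole into cluster-wide control; the two sample roles are constructed, and the narrowed rule set is illustrative rather than Hwameistor's actual minimal permission set.

```python
# Added example, not Hwameistor's code: audit a Kubernetes ClusterRole for
# grants that amount to cluster-wide control. Sample roles are constructed.
from typing import Dict, List

ESCALATION_VERBS = {"bind", "escalate", "impersonate"}  # extend own privileges
RBAC_RESOURCES = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}
READ_VERBS = {"get", "list", "watch", "*"}


def risky_rules(cluster_role: Dict) -> List[str]:
    """Return one finding per rule that grants cluster-level control."""
    findings: List[str] = []
    for i, rule in enumerate(cluster_role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            findings.append(f"rule {i}: '*' verbs on '*' resources (full cluster control)")
            continue  # nothing more specific to say about this rule
        if "*" in verbs or "*" in resources:
            findings.append(f"rule {i}: wildcard verbs or resources")
        if verbs & ESCALATION_VERBS:
            findings.append(f"rule {i}: escalation verbs {sorted(verbs & ESCALATION_VERBS)}")
        if resources & RBAC_RESOURCES and verbs & WRITE_VERBS:
            findings.append(f"rule {i}: write access to RBAC objects")
        if "secrets" in resources and verbs & READ_VERBS:
            findings.append(f"rule {i}: read access to secrets")
    return findings


# Constructed: the over-broad shape the advisory warns about.
OVER_BROAD_ROLE = {
    "kind": "ClusterRole",
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

# Constructed: a narrowed, read-only rule set of the kind a storage component
# might need. Illustrative only, not Hwameistor's actual minimal permissions.
NARROWED_ROLE = {
    "kind": "ClusterRole",
    "rules": [
        {"apiGroups": [""], "resources": ["nodes", "persistentvolumes"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"],
         "verbs": ["get", "list", "watch"]},
    ],
}

if __name__ == "__main__":
    for name, role in (("over-broad", OVER_BROAD_ROLE), ("narrowed", NARROWED_ROLE)):
        print(name, risky_rules(role) or ["no risky rules"])
```

Run it against a role exported with `kubectl get clusterrole <name> -o json` (parsed into a dict) to see which rules to narrow before applying the workaround.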
Exploit
Fix
Incorrect Privilege Assignment
Information Disclosure
Related Identifiers
Affected Products
Hwameistor