Name of the Vulnerable Software and Affected Versions:
OpenEBS Local PV RawFile (rawfile-localpv) versions prior to 0.10.0
Description:
OpenEBS Local PV RawFile allows dynamic deployment of stateful, persistent, node-local volumes and filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world-readable, potentially allowing non-privileged users to access sensitive data. By default, the rawfile-localpv storage class creates persistent volume data under `/var/csi/rawfile/` on Kubernetes hosts, and both the directory and the data within it are world-readable. This could lead to a database breach if Kubernetes tenants are running databases like MySQL or PostgreSQL in containers.
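A node-side check for the exposure described above, as an added example (not part of the advisory or of the OpenEBS project's code): it lists volume files under the data directory that any local user on the host could read. The default path is the one the advisory names; the `RAWFILE_DIR` variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a rawfile-localpv data directory on a Kubernetes node.
# /var/csi/rawfile is the default from the advisory; RAWFILE_DIR and the
# function names are assumptions made for this example.
RAWFILE_DIR="${RAWFILE_DIR:-/var/csi/rawfile}"

# Print regular files an unprivileged local user could read: the file has the
# other-read bit set AND every directory from $1 down to it is traversable by
# others (o+x). Directories without o+x are pruned, since nothing below them
# is reachable through this path for other users.
exposed_files() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print
}

# Report findings with mode and owner. Returns 0 if clean, 1 if volume data
# is exposed, 2 if the directory does not exist.
audit_rawfile_dir() {
    dir="${1:-$RAWFILE_DIR}"
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    found=$(exposed_files "$dir")
    if [ -z "$found" ]; then
        echo "OK: no world-readable volume data reachable under $dir"
        return 0
    fi
    echo "EXPOSED: readable by any local user on this node:"
    printf '%s\n' "$found" | while IFS= read -r f; do
        ls -ld "$f"
    done
    return 1
}

# Run the audit only when invoked as: sh audit.sh --audit [dir]
if [ "${1:-}" = "--audit" ]; then
    audit_rawfile_dir "${2:-$RAWFILE_DIR}"
fi
```

Run it as root on each node so `find` can descend into every volume directory; a non-zero exit status makes it usable from a scheduled compliance check.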
Recommendations:
Upgrade to version 0.10.0 or later.