CRITICAL 9.8 Go
Volcano has insecure permissions
GHSA-5g3x-8g2v-r8x8 · CVE-2024-36533 · GO-2024-3034
Published · Modified
Description
Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-36533
- WEB https://github.com/volcano-sh/volcano/issues/3446
- WEB https://github.com/volcano-sh/volcano/pull/3449
- WEB https://github.com/volcano-sh/volcano/commit/55963f71c76cb85cea1cdb9582ea7d58cfbedcf8
- WEB https://gist.github.com/HouqiyuA/a0e05a26ecc80bd970ac4649faecc930
- PACKAGE https://github.com/volcano-sh/volcano
- WEB https://pkg.go.dev/vuln/GO-2024-3034
Ready to move
Start Securing
Free, no credit card | First findings in minutes