CVE-2023-30617
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Description

### Impact

An attacker who has gained root privilege on the node where kruise-daemon runs can leverage the kruise-daemon pod to list all secrets in the entire cluster. The attacker can then use the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification.

### Workarounds

Users who do not require the imagepulljob functions can modify kruise-daemon-role to drop the cluster-level secret get/list privilege.

### Patches

- Users on v0.8.x ~ v1.2.x: update to v1.3.1
- Users on v1.3: update to v1.3.1
- Users on v1.4: update to v1.4.1
- Users on v1.5: update to v1.5.2

### References

None
How to fix CVE-2023-30617
To fix CVE-2023-30617, upgrade the affected package to the patched version listed below.
- Upgrade to 1.3.1 or later
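
Where the workaround from the description is used instead of an upgrade, the role can be audited after export with `kubectl get clusterrole kruise-daemon-role -o json`. The following is an added example, not code from the Kruise project: the sample rules are constructed, the function names are hypothetical, and it goes slightly beyond the advisory by also flagging `watch` and wildcard rules.

```python
import copy

# Constructed sample in the shape of `kubectl get clusterrole kruise-daemon-role -o json`.
# The rules are illustrative and are not copied from any Kruise release.
SAMPLE_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "kruise-daemon-role"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["apps.kruise.io"], "resources": ["imagepulljobs"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["events"], "verbs": ["create", "patch"]},
    ],
}

# Verbs that return Secret contents; watch streams full objects just like list.
READ_VERBS = {"get", "list", "watch", "*"}


def grants_secret_read(rule):
    """True if an RBAC rule allows reading core-group Secrets."""
    return (bool(set(rule.get("apiGroups", [])) & {"", "*"})
            and bool(set(rule.get("resources", [])) & {"secrets", "*"})
            and bool(set(rule.get("verbs", [])) & READ_VERBS))


def drop_secret_read(role):
    """Return (hardened_copy, findings); findings are (rule_index, needs_manual_rewrite)."""
    hardened = copy.deepcopy(role)
    findings, kept = [], []
    for index, rule in enumerate(hardened.get("rules", [])):
        if not grants_secret_read(rule):
            kept.append(rule)
            continue
        wildcard = "*" in rule["resources"] or "*" in rule["apiGroups"]
        findings.append((index, wildcard))
        if wildcard:
            kept.append(rule)  # cannot be narrowed without listing every resource by hand
            continue
        others = [r for r in rule["resources"] if r != "secrets"]
        writes = [v for v in rule["verbs"] if v not in READ_VERBS]
        if others:  # keep access to the non-secret resources unchanged
            kept.append({**rule, "resources": others})
        if writes:  # keep any non-read verbs on secrets
            kept.append({**rule, "resources": ["secrets"], "verbs": writes})
    hardened["rules"] = kept
    return hardened, findings
```

As the workaround states, removing this access is only appropriate for clusters that do not need the imagepulljob functions.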
Is CVE-2023-30617 being exploited?
Low: EPSS is 0.1%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)
- >= 0.8.0, < 1.3.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |