VYPR
High severity7.5GHSA Advisory· Published May 3, 2024· Updated Apr 15, 2026

CVE-2024-33398

CVE-2024-33398

Description

There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/piraeusdatastore/piraeus-operator/v2Go
<= 2.5.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.