Critical severity · NVD Advisory · Published Aug 12, 2024 · Updated Aug 12, 2024
Kamaji's RBAC Roles for `etcd` are not disjunct
CVE-2024-42480
Description
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in the RBAC for its etcd roles, so some Tenant Control Plane (TCP) API servers are able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.
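The effect of an "open at the top" etcd permission range, next to a prefix-bounded one, as an added example that is not Kamaji's code. It relies on etcd's rule that a range end of `"\0"` means every key greater than or equal to the start key; the `/<tenant>/` key layout, the tenant names, and the type and function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// keyRange is an etcd permission range [Key, End); End == "\x00" means
// "every key >= Key", i.e. open at the top.
type keyRange struct{ Key, End []byte }
var openEnd = []byte{0}

// prefixEnd mirrors etcd's clientv3.GetPrefixRangeEnd: smallest key above the prefix.
func prefixEnd(prefix []byte) []byte {
	end := append([]byte(nil), prefix...)
	for i := len(end) - 1; i >= 0; i-- {
		if end[i] < 0xff {
			end[i]++
			return end[:i+1]
		}
	}
	return openEnd // prefix is all 0xff bytes: no finite upper bound
}

// covers reports whether key falls inside r.
func (r keyRange) covers(key []byte) bool {
	return bytes.Compare(key, r.Key) >= 0 &&
		(bytes.Equal(r.End, openEnd) || bytes.Compare(key, r.End) < 0)
}

// overlaps: two non-empty ranges share a key iff one starts inside the other.
func overlaps(a, b keyRange) bool { return a.covers(b.Key) || b.covers(a.Key) }

// tenantRange builds a tenant's role range; the "/<name>/" layout is assumed.
func tenantRange(name string, open bool) keyRange {
	p := []byte("/" + name + "/")
	if open {
		return keyRange{p, openEnd}
	}
	return keyRange{p, prefixEnd(p)}
}

func main() {
	victim := []byte("/tenant-b/registry/secrets/default/token") // constructed key
	for _, open := range []bool{true, false} {
		a, b := tenantRange("tenant-a", open), tenantRange("tenant-b", open)
		fmt.Println(open, a.covers(victim), b.covers(victim), overlaps(a, b))
	}
}
```

Running `overlaps` pairwise over the ranges of all existing etcd roles is a quick audit for non-disjoint tenants. With open ranges only tenants whose prefix sorts lower reach the others, which matches the "some TCPs" wording of the description.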
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/clastix/kamaji (Go) | <= 1.0.0 | — |
References
- github.com/advisories/GHSA-6r4j-4rjc-8vw5 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-42480 (advisory)
- github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go (misc)
- github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db (misc)
- github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5 (confirm)