VYPR

Hwameistor

by Hwameistor

Source repositories

CVEs (2)

  • CVE-2024-36534HigJul 24, 2024
    risk 0.55cvss 8.4epss 0.00

    Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

  • CVE-2024-45054LowAug 28, 2024
    risk 0.11cvss 2.8epss 0.00

    Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes…