CVE-2024-42480
CVSS 3.1 Score 9.9 of 10 (high)
Details
Published Aug 12, 2024
Updated: Aug 16, 2024
CWE ID 284
Summary
CVE-2024-42480 is a vulnerability in Kamaji, the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and below, Kamaji uses an "open at the top" range definition in Role-Based Access Control (RBAC) for etcd roles. As a result of this misconfiguration, some Tenant Control Plane (TCP) API servers gain unauthorized access and can read, write, and delete data belonging to other control planes. The issue is resolved in the edge-24.8.2 release.
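What "open at the top" means for an etcd range permission, shown as an added example that is not Kamaji's code and not part of the original advisory. The per-tenant key prefix layout, the sample keys, and the names Perm, PrefixEnd and Leaks are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Perm is an etcd range permission over [Key, RangeEnd); RangeEnd "\x00" means every key >= Key.
type Perm struct{ Key, RangeEnd []byte }
// Covers reports whether the permission grants access to key k.
func (p Perm) Covers(k []byte) bool {
	if len(p.RangeEnd) == 0 { // no range end: single-key permission
		return bytes.Equal(k, p.Key)
	}
	if bytes.Compare(k, p.Key) < 0 {
		return false
	}
	return bytes.Equal(p.RangeEnd, []byte{0}) || bytes.Compare(k, p.RangeEnd) < 0
}

// PrefixEnd returns the smallest key that sorts after every key starting with prefix.
func PrefixEnd(prefix []byte) []byte {
	end := append([]byte(nil), prefix...)
	for i := len(end) - 1; i >= 0; i-- {
		if end[i] < 0xff {
			end[i]++
			return end[:i+1]
		}
	}
	return []byte{0} // prefix is all 0xff bytes, so no finite bound exists
}

// Leaks returns the keys outside ownPrefix that the permission still covers.
func Leaks(p Perm, ownPrefix string, keys []string) []string {
	var out []string
	for _, k := range keys {
		if !bytes.HasPrefix([]byte(k), []byte(ownPrefix)) && p.Covers([]byte(k)) {
			out = append(out, k)
		}
	}
	return out
}

func main() {
	keys := []string{"/tenant-a/secrets/x", "/tenant-b/secrets/y", "/tenant-c/pods/z"} // constructed; layout is assumed
	own := "/tenant-b/"
	fmt.Println("open at the top:", Leaks(Perm{[]byte(own), []byte{0}}, own, keys))
	fmt.Println("prefix-bounded: ", Leaks(Perm{[]byte(own), PrefixEnd([]byte(own))}, own, keys))
}
```

Under this assumed layout, a role whose range is open at the top reaches every tenant whose prefix sorts after its own, while the prefix-bounded range stays inside one tenant's keys.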