Description

Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been patched in version 0.14.6. All users are advised to upgrade. Users unable to upgrade should update and limit the ClusterRole using security-role.

INFO

Published Date :

2024-08-28T19:50:22.959Z

Last Modified :

2024-08-28T20:09:27.302Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45054 vulnerability.

Vendors Products
Hwameistor
  • Hwameistor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45054.

URL Resource
https://github.com/hwameistor/hwameistor/blob/main/helm/hwameistor/templates/clusterrole.yaml cve-icon cve-icon
https://github.com/hwameistor/hwameistor/commit/edf4cebed73cadd230bf97eab65c5311f2858450 cve-icon cve-icon
https://github.com/hwameistor/hwameistor/issues/1457 cve-icon cve-icon
https://github.com/hwameistor/hwameistor/issues/1460 cve-icon cve-icon
https://github.com/hwameistor/hwameistor/security/advisories/GHSA-mgwr-h7mv-fh29 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact