Home > Vulnerability Database > CVE-2024-42480

Mend.io Vulnerability Database

CVE-2024-42480

Good to know:

Date: August 12, 2024

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.

Language: Go

Severity Score

8.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-42480

Url: https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db

Url: https://github.com/clastix/kamaji

Url: https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24

Url: https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5

Url: https://www.mend.io/vulnerability-database/CVE-2024-42480

Severity Score

8.1

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version github.com/clastix/kamaji-edge-24.8.2

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-42480

Good to know:

Date: August 12, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?