CVE-2024-33398

{"id": "CVE-2024-33398", "metrics": {}, "published": "2024-05-03T16:15:11.393", "references": [{"url": "https://gist.github.com/HouqiyuA/d0c11fae5ba4789946ae33175d0f9edb", "source": "cve@mitre.org"}, {"url": "https://github.com/HouqiyuA/k8s-rbac-poc", "source": "cve@mitre.org"}, {"url": "https://github.com/piraeusdatastore/piraeus-operator", "source": "cve@mitre.org"}, {"url": "https://piraeus.io/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster."}], "lastModified": "2024-05-06T12:44:56.377", "sourceIdentifier": "cve@mitre.org"}