CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-36533

CVSS 9.8v3.1pub. 2024-07-24upd. 2026-04-15

Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

πŸ€– AI Analysis
How it works

An unauthenticated attacker can gain access to a service account token due to overly permissive permissions configured in the Volcano system. The obtained token can then be used to authenticate as a privileged account and obtain greater access rights in the environment.

Impact

An attacker can gain access to sensitive data and escalate their privileges (privilege escalation), potentially taking control over resources in the environment where Volcano operates.

Mitigation & patch

Patches available from the vendor should be applied according to the references. It is also recommended to review and tighten the configuration of service account permissions in environments using Volcano.

Who is affected

Volcano v1.8.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References
CVE-2024-36533 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl