Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
An unauthenticated attacker can gain access to a service account token due to overly permissive permissions configured in the Volcano system. The obtained token can then be used to authenticate as a privileged account and obtain greater access rights in the environment.
An attacker can gain access to sensitive data and escalate their privileges (privilege escalation), potentially taking control over resources in the environment where Volcano operates.
Patches available from the vendor should be applied according to the references. It is also recommended to review and tighten the configuration of service account permissions in environments using Volcano.
Volcano v1.8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H