Vulnerability Description
Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege on the node where kruise-daemon runs can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available: users who do not require imagepulljob functions can modify kruise-daemon-role to drop the cluster-level secret get/list privilege.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openkruise | Kruise | >= 0.8.0, < 1.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/openkruise/kruise/security/advisories/GHSA-437m-7hj5-9mpw (Vendor Advisory)
FAQ
What is CVE-2023-30617?
CVE-2023-30617 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of th...
How severe is CVE-2023-30617?
CVE-2023-30617 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-30617?
Check the references section above for vendor advisories and patch information. Affected products include: Openkruise Kruise.