CVE-2024-42480 — HIGH (8.1)

Q: How severe is CVE-2024-42480?

CVE-2024-42480 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-42480?

Check the references section above for vendor advisories and patch information. Affected products include: Clastix Kamaji.

Vulnerability Description

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Clastix	Kamaji	< edge-24.8.2

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2024-42480?

CVE-2024-42480 is a vulnerability with a CVSS score of 8.1 (HIGH). Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers bein...

How severe is CVE-2024-42480?

CVE-2024-42480 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-42480?

Check the references section above for vendor advisories and patch information. Affected products include: Clastix Kamaji.