CVE-2024-32359

low-risk
Published 2024-05-02

An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.9/10 Medium
LOCAL / HIGH complexity

References (8)

http://carina.com
https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906
https://github.com/HouqiyuA/k8s-rbac-poc
https://github.com/carina-io/carina
http://carina.com
https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906
https://github.com/HouqiyuA/k8s-rbac-poc
https://github.com/carina-io/carina
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal