CubeFS up to and including 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linuxfoundation cubefs |