CVE-2024-36535
https://notcve.org/view.php?id=CVE-2024-36535
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/2950c3993cdeff23afcbd73ba7a33879 • CWE-284: Improper Access Control •
CVE-2024-36541
https://notcve.org/view.php?id=CVE-2024-36541
Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/f972d1c152f3b8127af01206f7c2af0d • CWE-276: Incorrect Default Permissions •
CVE-2024-36538
https://notcve.org/view.php?id=CVE-2024-36538
Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/f06d1fa07b5287b862c1e0b288f301e5 • CWE-278: Insecure Preserved Inherited Permissions •
CVE-2024-36540
https://notcve.org/view.php?id=CVE-2024-36540
Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a • CWE-284: Improper Access Control •
CVE-2024-36534
https://notcve.org/view.php?id=CVE-2024-36534
Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. • https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450 • CWE-266: Incorrect Privilege Assignment •