Improper Restriction of Security Token Assignment

CVE-2024-36533

High

9.8/10

Summary

Insecure permissions in github.com/volcano-sh/volcano versions prior to 1.9.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1259 - Improper Restriction of Security Token Assignment

The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.

References

Advisory
Issue
Pull request
Advisory
Disclosure

Advisory Timeline

Published Jul 24, 2024

Improper Restriction of Security Token Assignment

CVE-2024-36533

Summary

CWE-1259 - Improper Restriction of Security Token Assignment

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS