Insecure Preserved Inherited Permissions
CVE-2024-36538
Summary
Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-278 - Insecure Preserved Inherited Permissions
A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.
References
Advisory Timeline
- Published
