{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-32359", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T02:06:44.052Z", "dateReserved": "2024-04-12T00:00:00.000Z", "datePublished": "2024-05-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-02T16:04:23.645Z"}, "descriptions": [{"lang": "en", "value": "An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://carina.com"}, {"url": "https://github.com/HouqiyuA/k8s-rbac-poc"}, {"url": "https://github.com/carina-io/carina"}, {"url": "https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-32359", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T17:57:48.829205Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:carina:carina:*:*:*:*:*:*:*:*"], "vendor": "carina", "product": "carina", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:50:40.310Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:44.052Z"}, "title": "CVE Program Container", "references": [{"url": "http://carina.com", "tags": ["x_transferred"]}, {"url": "https://github.com/HouqiyuA/k8s-rbac-poc", "tags": ["x_transferred"]}, {"url": "https://github.com/carina-io/carina", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://carina.com", "tags": ["x_transferred"]}, {"url": "https://github.com/HouqiyuA/k8s-rbac-poc", "tags": ["x_transferred"]}, {"url": "https://github.com/carina-io/carina", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:44.052Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-32359", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T17:57:48.829205Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:carina:carina:*:*:*:*:*:*:*:*"], "vendor": "carina", "product": "carina", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T17:55:04.743Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://carina.com"}, {"url": "https://github.com/HouqiyuA/k8s-rbac-poc"}, {"url": "https://github.com/carina-io/carina"}, {"url": "https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906"}], "descriptions": [{"lang": "en", "value": "An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-02T16:04:23.645Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32359", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:06:44.052Z", "dateReserved": "2024-04-12T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster."}, {"lang": "es", "value": "Un riesgo de autorizaci\u00f3n RBAC en Carina v0.13.0 y versiones anteriores permite a atacantes locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de comandos manipulados para obtener los secretos de todo el cl\u00faster y apoderarse del cl\u00faster."}], "id": "CVE-2024-32359", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-02T16:15:08.127", "references": [{"source": "cve@mitre.org", "url": "http://carina.com"}, {"source": "cve@mitre.org", "url": "https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906"}, {"source": "cve@mitre.org", "url": "https://github.com/HouqiyuA/k8s-rbac-poc"}, {"source": "cve@mitre.org", "url": "https://github.com/carina-io/carina"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://carina.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/HouqiyuA/k8s-rbac-poc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/carina-io/carina"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}