The vulnerability stems from Kubernetes RBAC configuration rather than from specific code functions. The cluster role 'cfs-csi-cluster-role', which is associated with the DaemonSet, grants an excessive permission (secrets/list) at the cluster level. This misconfiguration in the Kubernetes manifests (YAML files) allows privilege escalation, and no Go functions in the CubeFS codebase are directly implicated: the issue is one of infrastructure configuration, not flawed application logic.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/cubefs/cubefs | go | <= 3.2.1 | |
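
One way to check a cluster for the condition described above, as an added example that is not part of the advisory or of CubeFS: it reads the JSON produced by `kubectl get clusterroles,clusterrolebindings -o json` and reports ClusterRoles that allow list or watch on Secrets without `resourceNames`, together with the subjects bound to them cluster-wide. The sample input is constructed; apart from the role name 'cfs-csi-cluster-role' and its list-on-secrets grant, every object name and rule in it is a placeholder.

```python
import json

# Constructed input shaped like `kubectl get clusterroles,clusterrolebindings -o json`.
# Only the role name and its list-on-secrets grant come from the advisory;
# every other name and rule here is a placeholder made up for the example.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "cfs-csi-cluster-role"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
            {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "example-scoped-role"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"],
             "resourceNames": ["example-token"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-csi-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cfs-csi-cluster-role"},
  "subjects": [{"kind": "ServiceAccount", "namespace": "example-ns", "name": "example-csi-sa"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-scoped-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "example-scoped-role"},
  "subjects": [{"kind": "ServiceAccount", "namespace": "example-ns", "name": "example-other-sa"}]}
]}
""")["items"]

def exposes_all_secrets(rule):
    """True if an RBAC rule lets its subject enumerate Secrets without naming them."""
    if rule.get("resourceNames"):   # list is then limited to the named objects
        return False
    core = any(g in ("", "*") for g in rule.get("apiGroups", []))
    secrets = any(r in ("secrets", "*") for r in rule.get("resources", []))
    broad = any(v in ("list", "watch", "*") for v in rule.get("verbs", []))
    return core and secrets and broad

def audit(objects):
    """Map each risky ClusterRole to the subjects that hold it cluster-wide."""
    risky = {o["metadata"]["name"] for o in objects if o["kind"] == "ClusterRole"
             and any(exposes_all_secrets(r) for r in o.get("rules") or [])}
    findings = {}
    for o in objects:
        ref = o.get("roleRef", {})
        if o["kind"] == "ClusterRoleBinding" and ref.get("name") in risky:
            for s in o.get("subjects") or []:
                who = f'{s["kind"]}:{s.get("namespace", "-")}/{s["name"]}'
                findings.setdefault(ref["name"], []).append(who)
    return findings

if __name__ == "__main__":
    for role, subjects in audit(SAMPLE).items():
        print(f"{role}: list/watch on all Secrets, bound to {subjects}")
```

A role bound only through a namespaced RoleBinding is not reported, because that binding limits the grant to one namespace.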