- Description
- Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a Karmada cluster would be able to obtain administrative privileges over the entire federation system, including all registered member clusters. Since Karmada v1.12.0, the `karmadactl register` command restricts the access permissions of pull mode member clusters to control plane resources. This way, an attacker able to authenticate as the karmada-agent cannot control other member clusters in Karmada. As a workaround, one may restrict the access permissions of pull mode member clusters to control plane resources according to the Karmada Component Permissions docs.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-266
- Hype score
- Not currently trending
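Karmada vulnerability CVE-2024-56513 is fixed: unauthorized control of Kubernetes systems was possible https://t.co/Q6tNYQ56aq A vulnerability in Karmada (Kubernetes Armada) has been fixed; it is reported to stem from excessive privileges granted to PULL mode clusters. Teams using it should take note. #Armada… https://t.co/IkDfXSlloS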
@iototsecnews
14 Jan 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202456513 CVE-2024-56513: Karmada Vulnerability Grants Attackers Control of Kubernetes Systems https://t.co/OvFUQOWR25
@Komodosec
4 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The severity is increased for this new vulnerability affecting karmada (CVE-2024-56513) https://t.co/2qJfnn6AYb
@vuldb
4 Jan 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56513: Karmada Vulnerability Grants Attackers Control of Kubernetes Systems https://t.co/dOQsJFkc98
@WhalersLtd
4 Jan 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56513: Privilege Escalation in Kubernetes Systems via Karmada Vulnerability https://t.co/m55M1igeUQ
@cyberwebeyeos
4 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56513: Karmada Vulnerability Grants Attackers Control of Kubernetes Systems https://t.co/zOnOcnFkzZ
@wy88215534
4 Jan 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56513: Karmada Vulnerability Grants Attackers Control of #Kubernetes Systems Learn about the high-severity vulnerability (CVE-2024-56513) in #Karmada and its potential impact on multi-cloud application management https://t.co/7uHULFYZfV
@the_yellow_fall
4 Jan 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56513 Administrative Privilege Escalation Risk in Karmada Prior to 1.12.0 Karmada is a system for managing Kubernetes. It helps users run cloud-native apps on many Kubernetes clusters and clouds. Version... https://t.co/UFtSJKd47d
@VulmonFeeds
3 Jan 2025
74 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-56513 Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, … https://t.co/IMmCyJ50Lq
@CVEnew
3 Jan 2025
438 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-56513: HIGH] Karmada v1.12.0 enhances cyber security by restricting excessive privileges of pull mode member clusters, preventing attackers from gaining administrative control over the federation system. #cybersecurity, #vulnerability https://t.co/uVoovl64UV https://t.co/
@CveFindCom
3 Jan 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes