CVE-2023-32191

Severity: Critical
Year: 2023
CVSS v3 Score: 9.9 (Critical)

Vulnerability Description

When RKE provisions a cluster, it stores the cluster state in a ConfigMap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information stored in it allows non-admin users to escalate to admin.

CVSS: 9.8 (Critical)

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

CVSS: 9.8 (Critical)

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

CVSS: 9.8 (Critical)

An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.

CVSS: 9.8 (Critical)

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.

CVSS: 9.8 (Critical)

Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3...

CVSS: 9.8 (Critical)

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application ...