CVE-2024-36534

EUVD-2024-36147
Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
hwameistorhwameistor
𝑥
≤ 0.14.3
ADP
Common Weakness Enumeration
References
https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450
https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450