### [CVE-2024-43403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43403)
![](https://img.shields.io/static/v1?label=Product&message=kanister&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.110.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brighgreen)

### Description

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation.

### POC

#### Reference
- https://github.com/kanisterio/kanister/security/advisories/GHSA-h27c-6xm3-mcqp

#### Github
No PoCs found on GitHub currently.