CVE-2024-36533
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Volcano has insecure permissions in volcano.sh/volcano
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/volcano-sh/volcano | <1.10.0-alpha.0 | 1.10.0-alpha.0 |
| Go | volcano.sh/volcano | <1.10.0-alpha.0 | 1.10.0-alpha.0 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-36533
- https://github.com/volcano-sh/volcano/issues/3446
- https://github.com/volcano-sh/volcano/pull/3449
- https://github.com/volcano-sh/volcano/commit/55963f71c76cb85cea1cdb9582ea7d58cfbedcf8
- https://gist.github.com/HouqiyuA/a0e05a26ecc80bd970ac4649faecc930
- https://github.com/volcano-sh/volcano
- https://pkg.go.dev/vuln/GO-2024-3034
- https://github.com/advisories/GHSA-5g3x-8g2v-r8x8
Verify integrity in audit chain (admin only). AS-IS.