CVE-2024-36536: fabedge has insecure permissions

July 24, 2024 (updated August 2, 2024)

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token.

References

gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8
github.com/advisories/GHSA-c9cm-5j82-m6pj
github.com/fabedge/fabedge
nvd.nist.gov/vuln/detail/CVE-2024-36536

Detect and mitigate CVE-2024-36536 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →