CVE-2024-36536: fabedge has insecure permissions

July 24, 2024 (updated November 18, 2024)

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token.

References

gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8
github.com/advisories/GHSA-c9cm-5j82-m6pj
github.com/fabedge/fabedge
nvd.nist.gov/vuln/detail/CVE-2024-36536
pkg.go.dev/vuln/GO-2024-3027

Code Behaviors & Features

Detect and mitigate CVE-2024-36536 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →