You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists (ACL), allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation.
The affected files include binaries, scripts, configuration and log files:
Advisory GHSA-x7xj-jvwp-97rv references a vulnerability in the following Go modules:
Description:
Impact
A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists (ACL), allowing
BUILTIN\Users
orNT AUTHORITY\Authenticated Users
to view or edit sensitive files which could lead to privilege escalation.The affected files include binaries, scripts, configuration and log files:
**This vulnerability is exclusive to RKE2 in Windows environments. Linux env...
References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: