How severe is CVE-2023-30617?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-30617?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2023-30617

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-250

View all →

Vulnerability Description

Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.

CVE-2023-42954

MEDIUM

CVSS:6.5(Medium)

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue ha...

CWE-2502023

CVE-2024-20478

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authen...

CWE-2502024

CVE-2024-7041

MEDIUM

CVSS:6.5(Medium)

An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`,...

CWE-2502024

CVE-2025-0921

MEDIUM

CVSS:6.5(Medium)

Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Elect...

CWE-2502025

CVE-2025-22890

MEDIUM

CVSS:6.5(Medium)

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where...

CWE-2502025

CVE-2019-10143

MEDIUM

CVSS:6.4(Medium)

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges...

CWE-2502019

CVE-2023-30617

Vulnerability Description

Related Vulnerabilities

CVE-2023-42954

CVE-2024-20478

CVE-2024-7041

CVE-2025-0921

CVE-2025-22890

CVE-2019-10143