CVE-2023-51699

CVSS V2 None CVSS V3 None
Description
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data. Users who're using versions < 0.9.3 with JuicefsRuntime should upgrade to v0.9.3.
Overview
  • CVE ID
  • CVE-2023-51699
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-03-15T19:08:19.193Z
  • Last Modified Date
  • 2024-03-15T19:08:19.193Z
History
Created Old Value New Value Data Type Notes
2024-06-24 18:24:10 Added to TrackCVE