CVE-2023-30512 Information

Description

CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets including the admin secret.

Reference

https://github.com/cubefs/cubefs/issues/1882