You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
LeaseTimeToLive API allows access to key names (not value) associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC).
Impact
LeaseTimeToLive API allows access to key names (not value) associated to a lease when
Keysparameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC).Patches
< v3.4.26 and < v3.5.9 are affected.
Workarounds
No.
Reporter
Yoni Rozenshein