Comments (2)
Hi,
It looks like you have opened the same issue with almost similar text across dozens of other projects. For future references, GitHub is not how we do security disclosures.
For the record, the information contained here was reviewed and does not constitute a security vulnerability. As for the methods mentioned below, Dapr does not grant ClusterAdmin roles, nor does it allow the execution of privileged or privileged pods or containers. The service account in question is scoped to a namespace running a Pod and even gaining control of this service account identity cannot lead to a cluster takeover. Closing this
from dapr.
from dapr.
Related Issues (20)
- [Clone] Error Standardization: Secrets API HOT 1
- Dapr sidecar sometimes are not automatically injected to k8s pod when k8s recreate pod HOT 2
- subscribing to a kafkatopic with avro messages results in a 400 bad requet when I try to consumer and process the message
- Dotnet Dapr nuget SDK is not allowing to publish message with schedule time to Azure Service Bus (#urgent)
- Retry Mechanism in Dapr PUB/SUB HOT 5
- Dapr retries logs showing incorrect retry log. HOT 1
- Unable to propagate complete traceparent as a header when using CloudEvents HOT 7
- getting error with Dapr container and pod is crashing in AKS HOT 1
- error while invoking sample workflow app on AKS cluster HOT 1
- OpenTelemetry spec v1.10 that Dapr uses needs to be updated to v1.25
- Is dapr python workflow ready for prod? HOT 1
- Dapr Workflows cannot be terminated if they are running lots of activities HOT 3
- Regarding custom middleware to setup in the pipeline and how to create HOT 1
- Make 'scopes' optional in oauth2clientcredentials middleware HOT 1
- Unable to install Dapr in Kubernetes cluster HOT 2
- Support the Prometheus operator for monitoring in Helm charts
- Allow outbox published data to be different than transaction data
- Low cardinality metrics issues HOT 9
- Workflow Failure with --resources-path parameter HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dapr.