Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to e…

A vulnerability in Rancher Local Path Provisioner prior to version 0.0.36 allows malicious users with ConfigMap edit permissions to manipulate helperPod.yaml templates. The vulnerability enables injection of security-sensitive fields like privileged security contexts and hostPath volumes. When PVC operations trigger HelperPod creation, attackers can achieve privileged pod execution with host filesystem access. This can lead to sensitive file access, ServiceAccount token theft, cross-tenant data access, and host file modification. The vulnerability is fixed in version 0.0.36.