Accidentally elevating an extension with Backup Contributor to cluster-admin seems like a hell of a security boundary violation to me. Seems like the kind of thing a recently laid-off, possibly disgruntled admin could do a lot of damage with if they had a mind to. Like, company-exploding damage. I would think twice about trusting a vendor that sweeps this kind of thing under the rug.
Friends don’t let friends trust proprietary software.
On another note:
CERT/CC had initially scheduled public disclosure for June 1, 2026, but that disclosure never happened.
Is this a typo or is bleepingcomputer reporting from the near future?
Accidentally elevating an extension with Backup Contributor to cluster-admin seems like a hell of a security boundary violation to me. Seems like the kind of thing a recently laid-off, possibly disgruntled admin could do a lot of damage with if they had a mind to. Like, company-exploding damage. I would think twice about trusting a vendor that sweeps this kind of thing under the rug.
Friends don’t let friends trust proprietary software.
On another note:
Is this a typo or is bleepingcomputer reporting from the near future?