Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service accounts token.
The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.