Back to bug 2188607
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jian Qiu | 2023-04-23 02:13:05 UTC | CC | jqiu | |
| | | Doc Type | --- | If docs needed, set a value |
| | | Flags | needinfo?(jqiu) | |
| | | Flags | needinfo?(jqiu) | |
| Borja Tarraso | 2023-04-24 12:18:37 UTC | Summary | MCE: Potential Cluster Level Privilege Escalation In Open Cluster Management | CVE-2023-2250 MCE: Potential Cluster Level Privilege Escalation In Open Cluster Management |
| | | Alias | CVE-2023-2250 | |
| RaTasha Tillery-Smith | 2023-04-24 12:52:15 UTC | Doc Text | A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation. | A flaw was found in the Open Cluster Management (OCM) when a user has access to the worker nodes, which contain the cluster-manager-registration-controller or cluster-manager deployments. This flaw allows a malicious user to bind the cluster-admin to any service account or use the service account to list all secrets for all Kubernetes namespaces, leading to a cluster-level privilege escalation. |
| Red Hat Bugzilla | 2023-07-07 08:35:08 UTC | Assignee | security-response-team | nobody |