A flaw was discovered in the node restriction admission plugin of the kubernetes api server of OpenShift. It could allow steering workloads from the control plane and etcd nodes onto a different worker node and gain higher credentials on the cluster.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:6130 https://access.redhat.com/errata/RHSA-2023:6130
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:6842 https://access.redhat.com/errata/RHSA-2023:6842
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:7479 https://access.redhat.com/errata/RHSA-2023:7479