A flaw was found in fence agents that rely on SSH/Telnet could be abused to obtain a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user (i.e. a user with developer access) can create a specifically crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation; first as the service account running the operator, then to another service account with cluster-admin privileges.
This issue has been addressed in the following products: Fence Agents Remediation 0.4 for RHEL 8 Via RHSA-2024:5453 https://access.redhat.com/errata/RHSA-2024:5453