2317916 – (CVE-2024-9779) CVE-2024-9779 open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens

Bug 2317916 (CVE-2024-9779) - CVE-2024-9779 open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens

Summary: CVE-2024-9779 open-cluster-management-io/ocm: cluster-manager permissions may...

Keywords:
Status:	NEW
Alias:	CVE-2024-9779
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-10 20:36 UTC by OSIDB Bzimport
Modified:	2024-10-21 21:09 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-10-10 20:36:13 UTC

The Deployment named "cluster-manager" uses a ServiceAccount with the same name ("cluster-manager"). This ServiceAccount is bound to a ClusterRole also named "cluster-manager," which includes the permission to create Pod resources.

Therefore, if this Deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any sa's token by creating and mounting target sa and even control the whole cluster.

Note You need to log in before you can comment on or make changes to this bug.