A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or…
redhat·CWE-266·Published 2024-12-17
A flaw was found in Open Cluster Management (OCM) that applies when a user has access to the worker nodes that run the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account named "cluster-manager", which is bound to a ClusterRole also named "cluster-manager"; that ClusterRole includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and then steal any service account token by creating a pod that mounts the target service account, gaining control of the whole cluster.
Open Cluster Management vulnerable to Trust Boundary Violation in open-cluster-management.io/ocm
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N |
| 3.1 | Secondary | NVD | 7.5 | 2.2 | 4.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N |
| 3.1 | Secondary | GHSA | 7.5 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N |
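
For defenders auditing for the pattern described above, the following added example (not code from the advisory or from the OCM project) lists service accounts that a ClusterRoleBinding ties to a ClusterRole able to create pods cluster-wide. The sample objects, the namespace `example-ns` and every rule other than `create` on `pods` are constructed; RoleBindings, aggregated roles and group subjects are out of scope.

```python
# Constructed sample in the shape of the "items" returned by
# `kubectl get clusterroles,clusterrolebindings -o json`. The namespace
# "example-ns" and the "pod-reader"/"metrics" objects are placeholders.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-manager"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps", "pods"],
                "verbs": ["get", "list", "create"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"],
                "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-manager"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-manager"},
     "subjects": [{"kind": "ServiceAccount", "name": "cluster-manager",
                   "namespace": "example-ns"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "pod-reader"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "metrics",
                   "namespace": "example-ns"}]},
]


def _has(values, wanted):
    """True if an RBAC rule field lists the wanted value or the '*' wildcard."""
    return wanted in (values or []) or "*" in (values or [])


def grants_pod_create(role):
    """True if any rule of the role allows `create` on core-group `pods`."""
    return any(
        _has(r.get("apiGroups"), "") and _has(r.get("resources"), "pods")
        and _has(r.get("verbs"), "create")
        for r in role.get("rules") or []
    )


def pod_creating_service_accounts(items):
    """Sorted (namespace, name, clusterrole) tuples for service accounts bound
    by a ClusterRoleBinding to a ClusterRole that can create pods."""
    risky = {i["metadata"]["name"] for i in items
             if i["kind"] == "ClusterRole" and grants_pod_create(i)}
    found = set()
    for b in items:
        ref = b.get("roleRef", {})
        if b["kind"] != "ClusterRoleBinding" or ref.get("name") not in risky:
            continue
        found.update((s.get("namespace", ""), s["name"], ref["name"])
                     for s in b.get("subjects") or []
                     if s["kind"] == "ServiceAccount")
    return sorted(found)
```

Each service account it reports is one whose token gives its holder the ability to start pods under other service accounts, so the nodes allowed to schedule its workloads deserve the same trust as the cluster itself.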