Vulnerabilities > CVE-2023-2250 - Unspecified vulnerability in Linuxfoundation Open Cluster Management

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

linuxfoundation

NVD

Published: 2023-04-24

Updated: 2023-11-07

Summary

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.

Vulnerable Configurations

Part	Description	Count
Application	Linuxfoundation Linuxfoundation Open Cluster Management -	1

References

https://github.com/open-cluster-management-io/registration-operator/pull/344