Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.
CVSS Information
N/A
Vulnerability Type
特权链锁
Vulnerability Title
Open Cluster Management 安全漏洞
Vulnerability Description
Open Cluster Management是Open Cluster Management开源的一个社区驱动的项目。专注于 Kubernetes 应用程序的多集群和多云场景。 Open Cluster Management存在安全漏洞,攻击者利用该漏洞可以将 cluster-admin 绑定到任何服务帐户或使用服务帐户列出所有 kubernetes 命名空间的所有密钥。
CVSS Information
N/A
Vulnerability Type
N/A