Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation
Vulnerability Description
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Red Hat OpenShift 输入验证错误漏洞
Vulnerability Description
Red Hat OpenShift是美国红帽(Red Hat)公司的一款平台即服务(PaaS)云计算平台,它支持构建、测试、部署和运行应用程序。 Red Hat OpenShift存在输入验证错误漏洞,该漏洞源于集群上的非特权用户可以使用特制文件创建MustGather对象,并设置最高特权的服务帐户来运行该作业。
CVSS Information
N/A
Vulnerability Type
N/A