漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens
Vulnerability Description
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
Open Cluster Management 安全漏洞
Vulnerability Description
Open Cluster Management(OCM)是Open Cluster Management开源的一个社区驱动的项目。专注于 Kubernetes 应用程序的多集群和多云场景。 Open Cluster Management存在安全漏洞,该漏洞源于当用户可以访问包含集群管理器或 klusterlet 部署的工作节点时,开放集群管理 (OCM) 中会发现一个漏洞。
CVSS Information
N/A
Vulnerability Type
N/A