MEDIUM🇵🇱 Wersja polska

CVE-2023-2250

CVSS 6.7v3.1pub. 2023-04-24upd. 2025-02-04

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Linuxfoundation Open Cluster Management

    APP
    Linuxfoundation
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPEContainer
CWE
References

Related vulnerabilities

CVE-2026-53488CRITICAL9.4ten sam vendor

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...

CVE-2026-44477CRITICAL9.4PL ✓ten sam vendor

CloudNativePG: eskalacja uprawnień do superużytkownika PostgreSQL przez metrics exporter

CVE-2026-37531CRITICAL9.8PL ✓ten sam vendor

AGL app-framework-main: Zip Slip + TOCTOU umożliwiają zapis dowolnych plików

CVE-2026-32604CRITICAL9.9PL ✓ten sam vendor

RCE w Spinnaker — wykonanie dowolnych poleceń na podach clouddriver

CVE-2026-32613CRITICAL9.9PL ✓ten sam vendor

Spinnaker Echo: nieograniczony dostęp SPeL umożliwia RCE