CVE-2023-2250

Published: Apr 24, 2023

Modified: Feb 4, 2025

PUBLISHED

Description

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.

Vendor	Product	Versions
n/a	MCE	affected `2.3.0`

Weaknesses (CWE)

CWE-268

References

https://github.com/open-cluster-management-io/registration-operator/pull/344

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-2250

Description

Affected Products

Weaknesses (CWE)

References