cvedb.io
CVE-2023-2250
MEDIUM · CVSS 6.7
EPSS exploitation probability: 0%
Published 2023-04-24T21:15:09.410 · Last modified 2026-06-17T05:52:06.100

Summary

A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes that have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this to bind cluster-admin to any service account, or use the service account to list all secrets for all Kubernetes namespaces, leading to a cluster-level privilege escalation.

Affected products

linuxfoundation — open_cluster_management

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.