{}

{}

{}

{"acknowledgement": "Red Hat would like to thank Nanzi Yang and Xingyu Liu for reporting this issue.", "bugzilla": {"description": "open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens", "id": "2317916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317916"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", "status": "draft"}, "cwe": "CWE-268->CWE-501", "details": ["A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name \"cluster-manager\" which is bound to a ClusterRole also named \"cluster-manager\", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster."], "name": "CVE-2024-9779", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "open-cluster-management", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}], "public_date": "2023-11-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-9779\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9779\nhttps://github.com/open-cluster-management-io/ocm/pull/325\nhttps://github.com/open-cluster-management-io/ocm/releases/tag/v0.13.0\nhttps://github.com/open-cluster-management-io/registration-operator/issues/361"], "statement": "This flaw affects upstream Open Cluster Management version 0.12.0 and was fixed in 0.13.0. No supported versions of Red Hat Advanced Cluster Management are affected.", "threat_severity": "Moderate"}