Impact
A flaw in the Windows Machine Config Operator causes automatically approved certificate signing requests that contain the organization system:wicd‑nodes to also accept additional organizations such as system:masters. A Windows worker node that has been compromised and holds WICD credentials can therefore submit a CSR that includes system:masters; the operator signs it without rejecting the extra value. This results in a client certificate that grants cluster‑administrator privileges, giving the attacker full control over the OpenShift environment and the ability to compromise confidentiality, integrity, and availability of all deployed workloads.
Affected Systems
The vulnerability affects every installation of Red Hat OpenShift Container Platform 4 and Red Hat OpenShift for Windows Containers that deploy the Windows Machine Config Operator. Because no specific version constraints are listed, all current releases of the WMCO component are potentially vulnerable.
Risk and Exploitability
The CVSS score of 8.8 classifies this issue as high severity. The EPSS score is not available, so the precise likelihood of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. The attack requires local compromise of a Windows node that holds WICD credentials; once those credentials are available, an attacker can request a CSR with the system:masters organization and obtain an administrator certificate, enabling a complete cluster takeover. The potential impact is therefore significant.
OpenCVE Enrichment