A potential risk of operator makes a worker node get the token of any Service Account #361
Comments
Klusterlet has the same problem, even more serious.
Thanks for reporting. The code has been moved to https://github.com/open-cluster-management-io/ocm
Thanks for your reply!
cc @mikeshng
cc @pshickeydev
Knock knock! Are there any updates? Looking forward to your reply! @pshickeydev @mikeshng
Hi @sparkEchooo, thanks for bringing this to our attention! We're taking a look at this and will let you know what our assessment is. Once again, thank you for your report and I hope to get back to you soon!
I'm looking forward to your reply. And there are some similar CVEs for your reference: CVE-2023-30512 (https://nvd.nist.gov/vuln/detail/CVE-2023-30512). Thanks again.
Hi @pshickeydev
Hi there, how's the progress going?
The Deployment named "cluster-manager" uses a ServiceAccount with the same name ("cluster-manager"). This ServiceAccount is bound to a ClusterRole also named "cluster-manager," which includes the permission to create Pod resources.
Therefore, if this Deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any SA's token by creating and mounting the target SA, and even control the whole cluster.
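A defender-side audit for the condition the issue describes, as an added example that is not code from the reporter or the OCM project: it flags Deployments whose ServiceAccount is bound through a ClusterRoleBinding to a ClusterRole allowing `create` on pods and whose pod spec has no node placement constraint. The sample objects, the `ocm-example` namespace, the `viewer` role and the rule that `nodeSelector` or `nodeAffinity` counts as pinned are assumptions made for illustration.

```python
# Constructed sample objects shaped like `kubectl get <kind> -o json` items.
ROLES = [
    {"metadata": {"name": "cluster-manager"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["create", "get"]}]},
    {"metadata": {"name": "viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]
BINDINGS = [  # ClusterRoleBindings
    {"roleRef": {"kind": "ClusterRole", "name": "cluster-manager"},
     "subjects": [{"kind": "ServiceAccount", "name": "cluster-manager", "namespace": "ocm-example"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "viewer"},
     "subjects": [{"kind": "ServiceAccount", "name": "viewer", "namespace": "ocm-example"}]},
]
DEPLOYMENTS = [
    {"metadata": {"name": "cluster-manager", "namespace": "ocm-example"},
     "spec": {"template": {"spec": {"serviceAccountName": "cluster-manager"}}}},
    {"metadata": {"name": "viewer", "namespace": "ocm-example"},
     "spec": {"template": {"spec": {"serviceAccountName": "viewer"}}}},
]

def grants_pod_create(role):
    """True if any rule allows creating core-group pods (wildcards included)."""
    for rule in role.get("rules") or []:
        if ({"", "*"} & set(rule.get("apiGroups", []))
                and {"pods", "*"} & set(rule.get("resources", []))
                and {"create", "*"} & set(rule.get("verbs", []))):
            return True
    return False

def risky_service_accounts(roles, bindings):
    """(namespace, name) of ServiceAccounts bound cluster-wide to such a role."""
    risky = {r["metadata"]["name"] for r in roles if grants_pod_create(r)}
    return {(s.get("namespace"), s["name"])
            for b in bindings
            if b["roleRef"]["kind"] == "ClusterRole" and b["roleRef"]["name"] in risky
            for s in b.get("subjects") or []
            if s["kind"] == "ServiceAccount"}

def exposed_deployments(roles, bindings, deployments):
    """Deployments running as a risky SA with no node placement constraint."""
    risky, found = risky_service_accounts(roles, bindings), []
    for d in deployments:
        pod = d["spec"]["template"]["spec"]
        sa = (d["metadata"]["namespace"], pod.get("serviceAccountName", "default"))
        # Assumption: a nodeSelector or nodeAffinity means the pod is pinned.
        pinned = bool(pod.get("nodeSelector") or (pod.get("affinity") or {}).get("nodeAffinity"))
        if sa in risky and not pinned:
            found.append((d["metadata"]["namespace"], d["metadata"]["name"]))
    return found

if __name__ == "__main__":
    print(exposed_deployments(ROLES, BINDINGS, DEPLOYMENTS))
```

A finding here is a prompt to review the role's scope and the workload's placement, not proof of exposure; taints, admission policy and namespaced RoleBindings are outside what this check reads.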