Description
OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation
A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.
Packages
Name: github.com/openshift/hive (go)
Affected versions: <= 1.1.16
Fixed version: None
Related vulnerabilities
CVSS3: 8.8
nvd
about 1 year ago
A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.