A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openshift_container_platform | Redhat | 4.11 (including) | 4.11 (including) |
| Openshift_container_platform | Redhat | 4.12 (including) | 4.12 (including) |
| Openshift_container_platform | Redhat | 4.13 (including) | 4.13 (including) |
| Openshift_container_platform | Redhat | 4.14 (including) | 4.14 (including) |
| Red Hat OpenShift Container Platform 4.11 | RedHat | openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202311211130.p0.g7021090.assembly.stream | * |
| Red Hat OpenShift Container Platform 4.12 | RedHat | openshift4/ose-cluster-kube-apiserver-operator:v4.12.0-202311021630.p0.gfe5e2a1.assembly.stream | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | openshift4/ose-cluster-kube-apiserver-operator:v4.13.0-202310210425.p0.gd525f5d.assembly.stream | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | openshift4/ose-cluster-kube-apiserver-operator:v4.14.0-202310201027.p0.g8b38d12.assembly.stream | * |