A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openshift_container_platform | Redhat | 4.11 (including) | 4.11 (including) |
Openshift_container_platform | Redhat | 4.12 (including) | 4.12 (including) |
Openshift_container_platform | Redhat | 4.13 (including) | 4.13 (including) |
Openshift_container_platform | Redhat | 4.14 (including) | 4.14 (including) |