Lucene search
K

10 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5564 Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation in open-cluster-management.io/ocm

Open Cluster Management OCM: Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation in open-cluster-management.io/ocm...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/07 3:30 p.m.2 views

EUVD-2026-19690

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.6 views

Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/04/07 3:17 p.m.2 views

CVE-2026-4740

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS0.00112EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:30 p.m.2 views

CVE-2026-4740

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/07 2:30 p.m.20 views

CVE-2026-4740 Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS0.00112EPSS
Exploits1References3
CVE
CVE
added 2026/04/07 2:30 p.m.30 views

CVE-2026-4740

CVE-2026-4740 affects Open Cluster Management (OCM), the tech behind Red Hat ACM. The issue is improper validation of Kubernetes client certificate renewal, which can let a managed-cluster admin forge a client certificate accepted by the OCM controller. This enables cross-cluster privilege escala...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 2:13 p.m.3 views

CVE-2026-4740

A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30871

Name of the Vulnerable Software and Affected Versions Open Cluster Management OCM affected versions not specified Description A flaw exists due to improper validation of Kubernetes client certificate renewal. This allows a managed cluster administrator to forge a client certificate that can be...

8.2CVSS5.9AI score0.00112EPSS
Exploits1References11
Snyk
Snyk
added 2025/04/25 3:9 p.m.2 views

Improper Ownership Management

Overview github.com/rancher/rancher/pkg/apis/management.cattle.io/v3 is a complete container management platform Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with...

9CVSS7AI score0.00712EPSS
Exploits0References2
Rows per page
Query Builder