3 matches found
CVE-2024-25131
CVE-2024-25131 is linked to OpenShift Must Gather Operator Improper Input Validation. The vulnerability arises in the MustGather.managed.openshift.io CRD, where a non-privileged cluster user can create a MustGather object with a crafted file and set the most privileged service account to run the ...
CVE-2024-25131 Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource CRD of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...
CVE-2024-25131 Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource CRD of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...