Red Hat Open Cluster Management
cpe:2.3:a:linuxfoundation:open_cluster_management:*:*:*:*:*:*:*
- <= 2024-04-07
A vulnerability in Open Cluster Management (OCM), which underpins Red Hat Advanced Cluster Management (ACM), allows a managed cluster administrator to forge Kubernetes client certificates that the OCM controller does not properly validate. Because the controller approves the forged certificate, the flaw leads to cross-cluster privilege escalation: an attacker could gain control over other managed clusters, including the hub cluster.
Exploitation of this vulnerability allows an attacker with administrator access to one managed cluster to escalate privileges and become an administrator of other managed clusters registered to the same hub cluster. This could result in unauthorized control over the entire fleet of managed clusters, including the hub cluster itself.
To reproduce this vulnerability, an administrator of a managed cluster forges a Kubernetes client certificate by creating a CertificateSigningRequest (CSR) whose group name differs from the target cluster's while keeping the same prefix. The CSR is then submitted to the OCM controller, which approves it without proper validation. Once the forged certificate is issued, it can be used to access and manipulate resources in the target cluster, such as deploying arbitrary applications or configurations.
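The defect the advisory describes is a prefix comparison on the CSR's group names. The following is an added Go illustration, not OCM's or Red Hat's code: it places that prefix-based check beside the exact-match check a CSR approver should use. The identity naming in the test values (`agent:cluster1`, `managed:cluster1`), the function names and the expected-identity arguments are assumptions, and the CSR is constructed locally with a throwaway key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"reflect"
	"sort"
	"strings"
)

// vulnerableCheck mirrors the flaw described above: a CSR group that merely
// starts with an expected group name is accepted, so "<group>-other" passes.
// wantUser/wantGroups are what the hub expects this cluster's agent to present
// (the naming scheme used in the test values is an assumption, not OCM's).
func vulnerableCheck(wantUser string, wantGroups []string, csr *x509.CertificateRequest) bool {
	if csr.Subject.CommonName != wantUser {
		return false
	}
	for _, g := range csr.Subject.Organization {
		ok := false
		for _, w := range wantGroups {
			ok = ok || strings.HasPrefix(g, w)
		}
		if !ok {
			return false
		}
	}
	return true
}

// strictCheck is the hardened form: the CSR's group set must equal the
// expected set exactly (same members, no extras, no prefix matching).
func strictCheck(wantUser string, wantGroups []string, csr *x509.CertificateRequest) bool {
	got := append([]string(nil), csr.Subject.Organization...)
	exp := append([]string(nil), wantGroups...)
	sort.Strings(got)
	sort.Strings(exp)
	return csr.Subject.CommonName == wantUser && reflect.DeepEqual(got, exp)
}

// makeCSR builds a constructed CSR with a throwaway key; nothing touches a real cluster.
func makeCSR(cn string, orgs []string) *x509.CertificateRequest {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: cn, Organization: orgs}}, key)
	csr, _ := x509.ParseCertificateRequest(der)
	return csr
}
```

A genuine agent CSR passes both checks; a CSR carrying a group with the expected prefix but a different suffix passes only the prefix-based check.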