CVE-2023-2250

MEDIUM Year: 2023
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-268
View all →

Vulnerability Description

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.

Related Vulnerabilities

CVE-2024-1250

MEDIUM
CVSS:6.5(Medium)

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to...

CWE-2682024

CVE-2025-32955

MEDIUM
CVSS:6.0(Medium)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a polic...

CWE-2682025

CVE-2024-47045

HIGH
CVSS:7.8(High)

Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges t...

CWE-2682024

CVE-2024-1299

HIGH
CVSS:8.1(High)

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_toke...

CWE-2682024

CVE-2023-0759

MEDIUM
CVSS:5.3(Medium)

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

CWE-2682023

CVE-2025-20112

MEDIUM
CVSS:5.1(Medium)

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vu...

CWE-2682025