How severe is CVE-2024-9779?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-9779?

This is classified as CWE-501, which is a common weakness in software security.

CVE-2024-9779 - HIGH Severity | CVSS 7.5

Vulnerability Description

A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster.

Related Vulnerabilities

CVE-2023-28597

HIGH

CVSS:7.5(High)

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web por...

CWE-5012023

CVE-2023-0627

HIGH

CVSS:7.8(High)

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.

CWE-5012023

CVE-2024-23682

HIGH

CVSS:8.2(High)

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbi...

CWE-5012024

CVE-2019-0035

MEDIUM

CVSS:6.8(Medium)

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-passw...

CWE-5012019

CVE-2020-15096

MEDIUM

CVSS:6.8(Medium)

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated ...

CWE-5012020

CVE-2022-20826

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Softwa...

CWE-5012022