Red Hat · OpenShift · CVE-2020-35514
Name of the Vulnerable Software and Affected Versions:
OpenShift versions prior to openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.
Description:
An insecure modification flaw was found in the /etc/kubernetes/kubeconfig file in OpenShift. An attacker with access to a running container that mounts /etc/kubernetes, or with local access to the node, could copy the kubeconfig file and then attempt to add their own node to the OpenShift cluster, threatening confidentiality, integrity, and system availability.
Recommendations:
For versions prior to openshift4/ose-machine-config-operator v4.7.0-202105111858.p0, update to version v4.7.0-202105111858.p0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /etc/kubernetes/kubeconfig file to minimize the risk of exploitation.
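A defender-side audit for the two conditions the advisory names (a workload that mounts /etc/kubernetes from the host, and the file mode of the kubeconfig itself), added here as an example and not part of the advisory; the pod specs are constructed sample data and the `kubectl get pods -o json` item shape is an assumption.

```python
"""Audit helpers for CVE-2020-35514: list pods whose hostPath volumes expose the
node's /etc/kubernetes/kubeconfig, and check that the file's mode is restricted.
The pod list below is constructed sample data, not real cluster output."""
import posixpath
import stat

KUBECONFIG = "/etc/kubernetes/kubeconfig"


def host_path_covers(host_path: str, target: str = KUBECONFIG) -> bool:
    """True if a hostPath mount exposes `target`: the file itself or any parent dir."""
    hp = posixpath.normpath(host_path)
    tgt = posixpath.normpath(target)
    return hp == tgt or hp == "/" or tgt.startswith(hp + "/")


def pods_exposing_kubeconfig(pods):
    """Return (namespace, pod, volume) for every hostPath volume covering the kubeconfig."""
    findings = []
    for pod in pods:
        meta = pod.get("metadata", {})
        for vol in pod.get("spec", {}).get("volumes", []):
            hp = vol.get("hostPath", {}).get("path")
            if hp and host_path_covers(hp):
                findings.append((meta.get("namespace", "default"), meta["name"], vol["name"]))
    return findings


def kubeconfig_mode_is_restricted(mode: int, uid: int) -> bool:
    """Workaround check: root-owned and no group/other permission bits set."""
    return uid == 0 and not (mode & (stat.S_IRWXG | stat.S_IRWXO))


# Constructed sample pods (shape assumed from `kubectl get pods -A -o json` items).
SAMPLE_PODS = [
    {"metadata": {"namespace": "openshift-monitoring", "name": "node-exporter-x1"},
     "spec": {"volumes": [{"name": "sys", "hostPath": {"path": "/sys"}}]}},
    {"metadata": {"namespace": "debug", "name": "node-shell"},
     "spec": {"volumes": [{"name": "etc-k8s", "hostPath": {"path": "/etc/kubernetes/"}}]}},
    {"metadata": {"namespace": "debug", "name": "root-mount"},
     "spec": {"volumes": [{"name": "host", "hostPath": {"path": "/"}}]}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"volumes": [{"name": "data", "emptyDir": {}}]}},
]

if __name__ == "__main__":
    for ns, name, vol in pods_exposing_kubeconfig(SAMPLE_PODS):
        print(f"{ns}/{name}: volume {vol!r} exposes {KUBECONFIG}")
    # On a live node: st = os.stat(KUBECONFIG); kubeconfig_mode_is_restricted(st.st_mode, st.st_uid)
    print("0644 root ok:", kubeconfig_mode_is_restricted(0o100644, 0))  # False
    print("0600 root ok:", kubeconfig_mode_is_restricted(0o100600, 0))  # True
```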