Capsule · CVE-2024-39690
**Name of the Vulnerable Software and Affected Versions**
Capsule versions 0.7.0 and earlier
**Description**
The issue allows a tenant owner to patch any namespace that has not yet been claimed by a tenant, thereby gaining control of that namespace. This is possible because namespaces that lack the `ownerReference` field can be patched by a tenant owner. The vulnerability can be exploited by sending a PATCH request to the `/api/v1/namespaces/{namespace}` endpoint, which lets the attacker add an `ownerReference` field to the namespace.
**Recommendations**
For Capsule versions 0.7.0 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the `patch` permission for tenant owners so that they cannot patch arbitrary namespaces. Additionally, monitor the cluster (for example, the API server audit log) for suspicious activity such as unexpected namespace patches, and investigate any potential security incidents.
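The monitoring step above can be turned into a concrete check. The following is an added example, not code from the advisory or from the Capsule project: it scans Kubernetes audit events (constructed inline, shaped like `audit.k8s.io/v1` records logged at RequestResponse level) for a Namespace PATCH that sets `metadata.ownerReferences` and was issued by a tenant owner rather than a cluster administrator. It handles both merge-patch and JSON-patch bodies. The tenant-owner group `capsule.clastix.io` and the admin group `system:masters` are assumptions; adjust them to your cluster.

```python
import json

# Assumed identifiers (not from the advisory): the group Capsule uses for
# tenant owners, and the groups treated as cluster administrators.
TENANT_OWNER_GROUP = "capsule.clastix.io"
ADMIN_GROUPS = {"system:masters"}

def _audit_line(user, groups, namespace, body, code):
    """Build one constructed audit.k8s.io/v1-style PATCH event (RequestResponse level)."""
    return json.dumps({"verb": "patch", "stage": "ResponseComplete",
                       "user": {"username": user, "groups": groups},
                       "objectRef": {"resource": "namespaces", "name": namespace},
                       "requestObject": body, "responseStatus": {"code": code}})

TENANT_REF = [{"apiVersion": "capsule.clastix.io/v1beta2", "kind": "Tenant", "name": "oil"}]
SAMPLE_AUDIT_LINES = [  # constructed sample events
    # tenant owner adds an ownerReference to an unowned namespace via merge patch: takeover
    _audit_line("alice", [TENANT_OWNER_GROUP], "legacy-prod", {"metadata": {"ownerReferences": TENANT_REF}}, 200),
    # same intent via JSON patch, rejected with 403: still worth an alert as an attempt
    _audit_line("bob", [TENANT_OWNER_GROUP], "monitoring",
                [{"op": "add", "path": "/metadata/ownerReferences", "value": TENANT_REF}], 403),
    # tenant owner patching labels only: benign
    _audit_line("carol", [TENANT_OWNER_GROUP], "oil-dev", {"metadata": {"labels": {"team": "oil"}}}, 200),
    # cluster admin adopting a namespace into a tenant: expected behaviour
    _audit_line("admin", ["system:masters"], "legacy-prod", {"metadata": {"ownerReferences": TENANT_REF}}, 200),
]

def patch_sets_owner_references(body):
    """True if a merge patch (dict) or a JSON patch (list of ops) touches metadata.ownerReferences."""
    if isinstance(body, list):
        return any(str(op.get("path", "")).startswith("/metadata/ownerReferences") for op in body)
    if isinstance(body, dict):
        return "ownerReferences" in body.get("metadata", {})
    return False

def is_namespace_takeover(event):
    """A Namespace PATCH that sets ownerReferences, issued by a tenant owner who is not an admin."""
    if (event.get("verb") != "patch" or event.get("stage") != "ResponseComplete"
            or event.get("objectRef", {}).get("resource") != "namespaces"):
        return False
    groups = set(event.get("user", {}).get("groups", []))
    if TENANT_OWNER_GROUP not in groups or groups & ADMIN_GROUPS:
        return False
    return patch_sets_owner_references(event.get("requestObject"))

def find_takeovers(lines):
    """(user, namespace, HTTP status) per flagged event; 200 means the takeover succeeded."""
    events = [json.loads(line) for line in lines]
    return [(e["user"]["username"], e["objectRef"]["name"], e.get("responseStatus", {}).get("code"))
            for e in events if is_namespace_takeover(e)]
```

Only events logged at RequestResponse level carry `requestObject`; at Metadata level the patch body is absent and this check cannot see which fields were changed.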