Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
6DescriptionCVE.org
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.
AnalysisAI
Privilege escalation via overly permissive RBAC in Red Hat OpenShift Pipelines operator allows any authenticated cluster user to write to Kueue and cert-manager custom resources, enabling disruption of multi-tenant workload scheduling and tampering with cluster TLS certificates. The flaw stems from the tekton-scheduler-rolebinding ClusterRoleBinding granting system:authenticated overly broad write permissions. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the attack requires only basic cluster authentication.
Same technique Information Disclosure
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34248
GHSA-35w7-q98m-gqgx