According to Red Hat’s advisory, an attacker exploiting it would be able to: “Steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.”
Normally, vulnerabilities are a coding issue, for example a buffer overflow. Unusually, the latest vulnerability is a design flaw in the way Red Hat implemented authorization on the platform’s Role-Based Access Control (RBAC).
Red Hat describes the root of the problem as being an “overly permissive ClusterRole,” jargon for the part of the Kubernetes RBAC system that sets out permissions for users, groups, or service accounts.
