Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Red Hat OpenShift Builds 1.7.4 by Red Hat

    CVE-2026-10840 (GCVE-0-2026-10840)

    Vulnerability from nvd – Published: 2026-06-04 12:04 – Updated: 2026-07-08 12:05
    VLAI
    Title
    Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources
    Summary
    A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift Builds 1.7.4 Unaffected: 1783341609 , < * (rpm)
        cpe:/a:redhat:openshift_builds:1.7::el9
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Builds 1.7.4     cpe:/a:redhat:openshift_builds:1.7::el9
    Create a notification for this product.
    Date Public
    2026-04-25 00:00
    Credits
    Red Hat would like to thank Christopher Lusk (North Echo Security Research) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T13:11:57.092142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T15:06:49.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.7.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-25T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants\u0027 Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-732",
                    "description": "Incorrect Permission Assignment for Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:05:44.372Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-10840"
              },
              {
                "name": "RHBZ#2484720",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484720"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10840.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36648"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-25T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-25T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to Kueue and cert-manager resources",
            "workarounds": [
              {
                "lang": "en",
                "value": "If the Tekton Scheduler feature is not in use, administrators can mitigate this by patching the ClusterRoleBinding to reference a specific ServiceAccount instead of system:authenticated:\n\noc patch clusterrolebinding tekton-scheduler-rolebinding --type=merge -p \u0027{\"subjects\": [{\"kind\": \"ServiceAccount\", \"name\": \"openshift-pipelines-operator\", \"namespace\": \"openshift-operators\"}]}\u0027\n\nIMPORTANT: The OpenShift Pipelines operator\u0027s reconciliation loop may revert this manual patch. Verify that the operator does not reconcile this binding back to system:authenticated after applying the mitigation. If it does, scale down the operator deployment or configure the operator to skip reconciliation of this object.\n\nAlternatively, the ClusterRoleBinding can be deleted if the Tekton Scheduler is not enabled."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_builds:1.7::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-builds/openshift-builds-rhel9-operator",
              "product": "Red Hat OpenShift Builds 1.7.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1783341609",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-pipelines/pipelines-operator-proxy-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-operator-proxy-rhel9",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-operator-webhook-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-operator-webhook-rhel9",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-pipelines/pipelines-rhel8-operator",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-rhel9-operator",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Christopher Lusk (North Echo Security Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants\u0027 Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T09:24:00.800Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:36648",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36648"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-10840"
            },
            {
              "name": "RHBZ#2484720",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484720"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources",
          "workarounds": [
            {
              "lang": "en",
              "value": "If the Tekton Scheduler feature is not in use, administrators can mitigate this by patching the ClusterRoleBinding to reference a specific ServiceAccount instead of system:authenticated:\n\noc patch clusterrolebinding tekton-scheduler-rolebinding --type=merge -p \u0027{\"subjects\": [{\"kind\": \"ServiceAccount\", \"name\": \"openshift-pipelines-operator\", \"namespace\": \"openshift-operators\"}]}\u0027\n\nIMPORTANT: The OpenShift Pipelines operator\u0027s reconciliation loop may revert this manual patch. Verify that the operator does not reconcile this binding back to system:authenticated after applying the mitigation. If it does, scale down the operator deployment or configure the operator to skip reconciliation of this object.\n\nAlternatively, the ClusterRoleBinding can be deleted if the Tekton Scheduler is not enabled."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-10840",
        "datePublished": "2026-06-04T12:04:42.823Z",
        "dateReserved": "2026-06-04T11:29:18.169Z",
        "dateUpdated": "2026-07-08T12:05:44.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10840 (GCVE-0-2026-10840)

    Vulnerability from cvelistv5 – Published: 2026-06-04 12:04 – Updated: 2026-07-08 12:05
    VLAI
    Title
    Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources
    Summary
    A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat Red Hat OpenShift Builds 1.7.4 Unaffected: 1783341609 , < * (rpm)
        cpe:/a:redhat:openshift_builds:1.7::el9
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Builds 1.7.4     cpe:/a:redhat:openshift_builds:1.7::el9
    Create a notification for this product.
    Date Public
    2026-04-25 00:00
    Credits
    Red Hat would like to thank Christopher Lusk (North Echo Security Research) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T13:11:57.092142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T15:06:49.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.7.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-25T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants\u0027 Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-732",
                    "description": "Incorrect Permission Assignment for Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:05:44.372Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-10840"
              },
              {
                "name": "RHBZ#2484720",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484720"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10840.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36648"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-25T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-25T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to Kueue and cert-manager resources",
            "workarounds": [
              {
                "lang": "en",
                "value": "If the Tekton Scheduler feature is not in use, administrators can mitigate this by patching the ClusterRoleBinding to reference a specific ServiceAccount instead of system:authenticated:\n\noc patch clusterrolebinding tekton-scheduler-rolebinding --type=merge -p \u0027{\"subjects\": [{\"kind\": \"ServiceAccount\", \"name\": \"openshift-pipelines-operator\", \"namespace\": \"openshift-operators\"}]}\u0027\n\nIMPORTANT: The OpenShift Pipelines operator\u0027s reconciliation loop may revert this manual patch. Verify that the operator does not reconcile this binding back to system:authenticated after applying the mitigation. If it does, scale down the operator deployment or configure the operator to skip reconciliation of this object.\n\nAlternatively, the ClusterRoleBinding can be deleted if the Tekton Scheduler is not enabled."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_builds:1.7::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-builds/openshift-builds-rhel9-operator",
              "product": "Red Hat OpenShift Builds 1.7.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1783341609",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-pipelines/pipelines-operator-proxy-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-operator-proxy-rhel9",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-operator-webhook-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-operator-webhook-rhel9",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-pipelines/pipelines-rhel8-operator",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-rhel9-operator",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Christopher Lusk (North Echo Security Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants\u0027 Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T09:24:00.800Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:36648",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36648"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-10840"
            },
            {
              "name": "RHBZ#2484720",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484720"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources",
          "workarounds": [
            {
              "lang": "en",
              "value": "If the Tekton Scheduler feature is not in use, administrators can mitigate this by patching the ClusterRoleBinding to reference a specific ServiceAccount instead of system:authenticated:\n\noc patch clusterrolebinding tekton-scheduler-rolebinding --type=merge -p \u0027{\"subjects\": [{\"kind\": \"ServiceAccount\", \"name\": \"openshift-pipelines-operator\", \"namespace\": \"openshift-operators\"}]}\u0027\n\nIMPORTANT: The OpenShift Pipelines operator\u0027s reconciliation loop may revert this manual patch. Verify that the operator does not reconcile this binding back to system:authenticated after applying the mitigation. If it does, scale down the operator deployment or configure the operator to skip reconciliation of this object.\n\nAlternatively, the ClusterRoleBinding can be deleted if the Tekton Scheduler is not enabled."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-10840",
        "datePublished": "2026-06-04T12:04:42.823Z",
        "dateReserved": "2026-06-04T11:29:18.169Z",
        "dateUpdated": "2026-07-08T12:05:44.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }