Описание
Уязвимость плагина NodeRestriction сервера kube-apiserver программного средства управления кластерами виртуальных машин Kubernetes связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии
Вендор
Наименование ПО
Версия ПО
Тип ПО
Операционные системы и аппаратные платформы
Уровень опасности уязвимости
Возможные меры по устранению уязвимости
Статус уязвимости
Наличие эксплойта
Информация об устранении
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
6.7 Medium
CVSS3
8.7 High
CVSS2
Связанные уязвимости
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
A vulnerability exists in the NodeRestriction admission controller in ...
Kubernetes Nodes can delete themselves by adding an OwnerReference
EPSS
6.7 Medium
CVSS3
8.7 High
CVSS2