Описание
Access Restriction Bypass in kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Specific Go Packages Affected
github.com/kubernetes/kubernetes/pkg/apiserver
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-1905
- https://github.com/kubernetes/kubernetes/issues/19479
- https://github.com/kubernetes/kubernetes/commit/9e6912384a5bc714f2a780b870944a8cee264a22
- https://access.redhat.com/errata/RHSA-2016:0070
- https://access.redhat.com/errata/RHSA-2016:0351
- https://access.redhat.com/security/cve/CVE-2016-1905
- https://bugzilla.redhat.com/show_bug.cgi?id=1297910
Пакеты
github.com/kubernetes/kubernetes
<= 1.2.0-alpha.5
1.2.0-alpha.6
Связанные уязвимости
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
The API server in Kubernetes does not properly check admission control ...
Уязвимость программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю получить доступ к защищаемой информации