Описание
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | kubernetes | Will not fix | ||
| Red Hat OpenShift Enterprise 3.0 | openshift | Fixed | RHSA-2016:0351 | 03.03.2016 |
| Red Hat OpenShift Enterprise 3.1 | atomic-openshift | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | heapster | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | jenkins | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-align-text | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-ansi-green | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-ansi-wrap | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-anymatch | Fixed | RHSA-2016:0070 | 26.01.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-array-unique | Fixed | RHSA-2016:0070 | 26.01.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
The API server in Kubernetes does not properly check admission control ...
Уязвимость программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю получить доступ к защищаемой информации
EPSS
4 Medium
CVSS2