Описание
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/agent-service-rhel8 | Affected | ||
| Red Hat Ansible Automation Platform 1.2 | kubernetes | Not affected | ||
| Red Hat Ansible Tower 3 | kubernetes | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | openshift | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift-clients | Fix deferred |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=2072188kubernetes: OpenShift API admission checks does not enforce "custom-host" permissions
EPSS
Процентиль: 14%
0.00046
Низкий
4.4 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.4
nvd
больше 2 лет назад
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
CVSS3: 4.4
github
больше 2 лет назад
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
EPSS
Процентиль: 14%
0.00046
Низкий
4.4 Medium
CVSS3