CVE-2023-1260

Опубликовано: 04 апр. 2023

Источник: redhat

CVSS3: 8

EPSS Низкий

Описание

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 4	openshift4/ose-openshift-apiserver-rhel9	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-pod	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-tests	Not affected
Red Hat OpenShift Container Platform 4.10	openshift	Fixed	RHSA-2023:4898	06.09.2023
Red Hat OpenShift Container Platform 4.11	openshift	Fixed	RHSA-2023:4312	02.08.2023
Red Hat OpenShift Container Platform 4.12	openshift	Fixed	RHSA-2023:3976	12.07.2023
Red Hat OpenShift Container Platform 4.13	openshift	Fixed	RHSA-2023:4093	20.07.2023
Red Hat OpenShift Container Platform 4.14	microshift	Fixed	RHSA-2023:5008	31.10.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-288

https://bugzilla.redhat.com/show_bug.cgi?id=2176267kube-apiserver: PrivEsc

EPSS

Процентиль: 18%

0.00058

Низкий

8 High

CVSS3

Связанные уязвимости

CVE-2023-1260

CVSS3: 8

nvd

больше 2 лет назад

GHSA-92hx-3mh6-hc49

CVSS3: 8

github

больше 2 лет назад

kube-apiserver authentication bypass vulnerability

EPSS

Процентиль: 18%

0.00058

Низкий

8 High

CVSS3