Untriaged
CVE-2023-1260
8.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Kube-apiserver: privesc
A vulnerability was discovered in kube-apiserver that allows an authenticated user to bypass SCC (Security Context Constraints) admission. The precondition is a remote, authenticated attacker who has been granted "update" or "patch" permission on the "pods/ephemeralcontainers" subresource beyond what the default roles grant (hence PR:HIGH in the CVSS vector above). Such an attacker would then need to create a new pod, or patch a pod they already have access to, and could thereby evade the SCC admission restrictions and gain control of a privileged pod. The affected products listed below are OpenShift and MicroShift, where SCC admission applies; the required RBAC grant is therefore the thing to audit on an unpatched cluster.
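The check a practitioner wants for this entry is "who on my cluster already holds the precondition?" The script below is an added example, not code from Red Hat or the Kubernetes project: it walks RBAC objects (the .items of a `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json` list) and reports every subject bound to a rule that grants update or patch on pods/ephemeralcontainers. Resource and verb matching follows Kubernetes RBAC rule semantics ("*" wildcards, the exact "pods/ephemeralcontainers" name, and the "*/ephemeralcontainers" form; "pods/*" does not match a subresource). The RBAC objects embedded in the block are constructed sample data; the names in them are invented.

```python
"""Report RBAC subjects that can update/patch pods/ephemeralcontainers
(the precondition for CVE-2023-1260). Added example, not project code."""
import json
import sys

TARGET_RESOURCE = "pods"
TARGET_SUBRESOURCE = "ephemeralcontainers"
TARGET_VERBS = {"update", "patch"}


def rule_grants(rule):
    """Subset of TARGET_VERBS a single PolicyRule grants on the subresource.
    Mirrors Kubernetes RBAC matching: apiGroup "" or "*", resource "*",
    exact "pods/ephemeralcontainers", or "*/ephemeralcontainers"; verb "*"
    grants everything. "pods/*" deliberately does NOT match."""
    groups = rule.get("apiGroups") or []
    if "" not in groups and "*" not in groups:
        return set()
    accepted = {"*", f"{TARGET_RESOURCE}/{TARGET_SUBRESOURCE}", f"*/{TARGET_SUBRESOURCE}"}
    if not any(r in accepted for r in rule.get("resources") or []):
        return set()
    verbs = set(rule.get("verbs") or [])
    return set(TARGET_VERBS) if "*" in verbs else verbs & TARGET_VERBS


def role_grants(role):
    """Union of granted target verbs over all rules of a Role/ClusterRole."""
    verbs = set()
    for rule in role.get("rules") or []:
        verbs |= rule_grants(rule)
    return verbs


def find_ephemeral_container_grants(objects):
    """objects: RBAC API objects. Returns findings sorted by subject, binding."""
    roles = {}
    for obj in objects:
        if obj["kind"] in ("Role", "ClusterRole"):
            meta = obj["metadata"]
            ns = meta.get("namespace", "") if obj["kind"] == "Role" else ""
            roles[(obj["kind"], ns, meta["name"])] = role_grants(obj)
    findings = []
    for obj in objects:
        if obj["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        meta, ref = obj["metadata"], obj["roleRef"]
        # A RoleBinding may reference a ClusterRole; a Role is namespaced.
        ref_ns = meta.get("namespace", "") if ref["kind"] == "Role" else ""
        verbs = roles.get((ref["kind"], ref_ns, ref["name"]), set())
        if not verbs:
            continue
        scope = "cluster-wide" if obj["kind"] == "ClusterRoleBinding" else f"namespace {meta['namespace']}"
        for subj in obj.get("subjects") or []:
            name = subj["name"]
            if subj["kind"] == "ServiceAccount":  # SA defaults to the binding's namespace
                name = f"{subj.get('namespace') or meta.get('namespace', '')}:{name}"
            findings.append({
                "subject": f"{subj['kind']}/{name}",
                "binding": f"{obj['kind']}/{meta['name']}",
                "role": f"{ref['kind']}/{ref['name']}",
                "scope": scope,
                "verbs": sorted(verbs),
            })
    return sorted(findings, key=lambda f: (f["subject"], f["binding"]))


# Constructed sample (hypothetical names), shaped like kubectl -o json items.
SAMPLE_ITEMS = [
    {"kind": "ClusterRole", "metadata": {"name": "debug-pods"},
     "rules": [{"apiGroups": [""], "resources": ["pods/ephemeralcontainers"],
                "verbs": ["update", "patch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "team-admin", "namespace": "dev"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "debuggers"},
     "roleRef": {"kind": "ClusterRole", "name": "debug-pods"},
     "subjects": [{"kind": "User", "name": "alice"},
                  {"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "readers"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-admins", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "team-admin"},
     "subjects": [{"kind": "Group", "name": "dev-leads"}]},
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to saved `kubectl get ... -o json` output
        with open(sys.argv[1]) as fh:
            items = json.load(fh)["items"]
    else:
        items = SAMPLE_ITEMS
    for f in find_ephemeral_container_grants(items):
        print(f"{f['subject']:<32} {f['verbs']} via {f['binding']} -> {f['role']} ({f['scope']})")
```

Run without arguments it reports the three constructed subjects (the wildcard Role in namespace dev, and both subjects of the debug-pods binding); the pod-reader group is not reported. Aggregated ClusterRoles are already materialised in the API server's output, so they are covered, but grants coming from non-RBAC authorizers (webhook, Node) are not. For a single identity, the equivalent live check is `kubectl auth can-i update pods --subresource=ephemeralcontainers --as=<user>`.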
References
- RHSA-2023:3976 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4093 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4312 x_refsource_REDHAT vendor-advisory
- RHSA-2023:4898 x_refsource_REDHAT vendor-advisory
- RHSA-2023:5008 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-1260 x_refsource_REDHAT vdb-entry
- RHBZ#2176267 issue-tracking x_refsource_REDHAT
- https://github.com/advisories/GHSA-92hx-3mh6-hc49
- https://security.netapp.com/advisory/ntap-20231020-0010/
Affected products
openshift
- *
microshift
- *
openshift4/ose-pod
openshift4/ose-tests
openshift4/ose-openshift-apiserver-rhel7
github.com/openshift/apiserver-library-go
- *
Matching in nixpkgs
- pkgs.openshift: Build, deploy, and manage your applications with Docker and Kubernetes (nixos-unstable: -; nixpkgs-unstable: 4.16.0)
- pkgs.python312Packages.openshift: Python client for the OpenShift API (nixos-unstable: -; nixpkgs-unstable: 0.13.2)
- pkgs.python313Packages.openshift: Python client for the OpenShift API (nixos-unstable: -; nixpkgs-unstable: 0.13.2)
- pkgs.python312Packages.azure-mgmt-redhatopenshift: Microsoft Azure Red Hat Openshift Management Client Library for Python (nixos-unstable: -; nixpkgs-unstable: 2.0.0)
- pkgs.python313Packages.azure-mgmt-redhatopenshift: Microsoft Azure Red Hat Openshift Management Client Library for Python (nixos-unstable: -; nixpkgs-unstable: 2.0.0)
These matches are by package name. The Python packages are clients for the OpenShift and Azure Red Hat OpenShift APIs, not the API server component named in the affected products list, which is why the entry is still untriaged rather than confirmed against a nixpkgs package.
Package maintainers
- @stehessel Stephan Heßelmann <stephan@stehessel.de>
- @moretea Maarten Hoogendoorn <maarten@moretea.nl>
- @offlinehacker Jaka Hudoklin <jaka@x-truder.net>
- @teto Matthieu Coudron <mcoudron@hotmail.com>