Untriaged
Kube-apiserver: privesc
An authentication bypass vulnerability was discovered in kube-apiserver. The issue could be exploited by a remote, authenticated attacker who has been granted "update" and "patch" permissions on the "pods/ephemeralcontainers" subresource, which is beyond the default permissions. The attacker would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
Affected products
openshift
- *
microshift
- *
openshift4/ose-pod
openshift4/ose-tests
openshift4/ose-openshift-apiserver-rhel7
github.com/openshift/apiserver-library-go
- *
Matching in nixpkgs
pkgs.openshift
Build, deploy, and manage your applications with Docker and Kubernetes
- nixos-unstable -
- nixpkgs-unstable 4.16.0
pkgs.python312Packages.openshift
Python client for the OpenShift API
- nixos-unstable -
- nixpkgs-unstable 0.13.2
pkgs.python313Packages.openshift
Python client for the OpenShift API
- nixos-unstable -
- nixpkgs-unstable 0.13.2
pkgs.python312Packages.azure-mgmt-redhatopenshift
Microsoft Azure Red Hat Openshift Management Client Library for Python
- nixos-unstable -
- nixpkgs-unstable 2.0.0
pkgs.python313Packages.azure-mgmt-redhatopenshift
Microsoft Azure Red Hat Openshift Management Client Library for Python
- nixos-unstable -
- nixpkgs-unstable 2.0.0
Package maintainers
- @stehessel Stephan Heßelmann <stephan@stehessel.de>
- @moretea Maarten Hoogendoorn <maarten@moretea.nl>
- @offlinehacker Jaka Hudoklin <jaka@x-truder.net>
- @teto Matthieu Coudron <mcoudron@hotmail.com>