Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-1260

Published: 24/09/2023 Updated: 15/12/2023
CVSS v3 Base Score: 8 | Impact Score: 6 | Exploitability Score: 1.3
VMScore: 0
Subscribe to Kube-apiserver

Vulnerability Summary

An authentication bypass vulnerability exists in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kubernetes kube-apiserver -

redhat openshift container platform 4.10

redhat openshift container platform 4.12

redhat openshift container platform 4.11

redhat openshift container platform 4.13

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.12.24 packages and security update
Synopsis Important: OpenShift Container Platform 41224 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41224 is now available with updates to p ...
Red Hat: Moderate: OpenShift Container Platform 4.13.6 security and extras update
Synopsis Moderate: OpenShift Container Platform 4136 security and extras update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4136 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 413R ...
Red Hat: Moderate: OpenShift Container Platform 4.13.6 bug fix and security update
Synopsis Moderate: OpenShift Container Platform 4136 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4136 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Con ...
Red Hat: Important: OpenShift Container Platform 4.11.46 security update
Synopsis Important: OpenShift Container Platform 41146 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41146 is now available withupdates to packages and im ...
Red Hat: Important: OpenShift Container Platform 4.13.5 security update
概述 Important: OpenShift Container Platform 4135 security update 类型/严重性 Security Advisory: Important Red Hat Insights 补丁分析 识别并修复受此公告影响的系统。 查看受影响的系统 标题 Red Hat OpenShift Container Platform release 4135 is now available with updates to packages and images that ...
Red Hat: Important: OpenShift Container Platform 4.10.67 security update
Synopsis Important: OpenShift Container Platform 41067 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41067 is now available with updates to packages and i ...
Red Hat: Moderate: OpenShift Container Platform 4.13.5 security update
Synopsis Moderate: OpenShift Container Platform 4135 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4135 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platf ...
Red Hat: Moderate: OpenShift Container Platform 4.13.5 security update
Synopsis Moderate: OpenShift Container Platform 4135 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4135 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platf ...
Red Hat:
Description<!---->An authentication bypass vulnerability was discovered in kube-apiserver This issue could allow a remote, authenticated attacker who has been given permissions &amp;quot;update, patch&amp;quot; the &amp;quot;pods/ephemeralcontainers&amp;quot; subresource beyond what the default is They would then need to create a new pod or patch ...

References

NVD-CWE-Otherhttps://access.redhat.com/security/cve/CVE-2023-1260https://bugzilla.redhat.com/show_bug.cgi?id=2176267https://access.redhat.com/errata/RHSA-2023:4312https://access.redhat.com/errata/RHSA-2023:4093https://access.redhat.com/errata/RHSA-2023:3976https://access.redhat.com/errata/RHSA-2023:4898https://security.netapp.com/advisory/ntap-20231020-0010/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:3976https://access.redhat.com/security/cve/cve-2023-1260
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook