
CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.

References:
https://access.redhat.com/errata/RHSA-2024:0195
https://access.redhat.com/errata/RHSA-2024:0207
https://access.redhat.com/security/cve/CVE-2023-6476
https://bugzilla.redhat.com/show_bug.cgi?id=2253994

Weakness: CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

References:
https://access.redhat.com/errata/RHSA-2023:5006
https://access.redhat.com/errata/RHSA-2023:6130
https://access.redhat.com/errata/RHSA-2023:6842
https://access.redhat.com/errata/RHSA-2023:7479
https://access.redhat.com/security/cve/CVE-2023-5408
https://bugzilla.redhat.com/show_bug.cgi?id=2242173
https://github.com/openshift/kubernetes/pull/1736

Weakness: CWE-269: Improper Privilege Management

CVSS: 8.0 | EPSS: 1% | CPEs: 5 | EXPL: 0

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given "update, patch" permissions on the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

References:
https://access.redhat.com/errata/RHSA-2023:3976
https://access.redhat.com/errata/RHSA-2023:4093
https://access.redhat.com/errata/RHSA-2023:4312
https://access.redhat.com/errata/RHSA-2023:4898
https://access.redhat.com/errata/RHSA-2023:5008
https://access.redhat.com/security/cve/CVE-2023-1260
https://bugzilla.redhat.com/show_bug.cgi?id=2176267
https://github.com/advisories/GHSA-92hx-3mh6-hc49
https://security.netapp.com/advisory/ntap-20231020-0010

Weakness: CWE-288: Authentication Bypass Using an Alternate Path or Channel