CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6476 – Cri-o: pods are able to break out of resource confinement on cgroupv2
https://notcve.org/view.php?id=CVE-2023-6476
09 Jan 2024 — A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node. Se encontró una falla en CRI-O que involucra una anotación experimental que lleva a que un contenedor no esté confinado. Esto puede permitir que un pod especifique y obtenga cualquier cantidad de memoria/CPU, eludiendo el programador de ... • https://access.redhat.com/errata/RHSA-2024:0195 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5408 – Openshift: modification of node role labels
https://notcve.org/view.php?id=CVE-2023-5408
31 Oct 2023 — A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. Se encontró una falla de escalada de privilegios en el complemento de admisión de restricción de nodos del servidor API de Kubernetes de OpenShift. Un atacante remoto que modifique la etiqueta de función del nod... • https://access.redhat.com/errata/RHSA-2023:5006 • CWE-269: Improper Privilege Management •