CVE-2023-1260
Kube-apiserver: privesc
Severity Score
Exploit Likelihood
Affected Versions
5Public Exploits
0Exploited in Wild
-Decision
Descriptions
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
Se descubrió una vulnerabilidad de omisión de autenticación en kube-apiserver. Este problema podría permitir que un atacante remoto y autenticado al que se le hayan otorgado permisos "update, patch" el subrecurso "pods/ephemeralcontainers" más allá de lo predeterminado. Luego tendrían que crear un nuevo pod o parchear uno al que ya tengan acceso. Esto podría permitir la evasión de las restricciones de admisión de SCC, obteniendo así el control de un módulo privilegiado.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-03-07 CVE Reserved
- 2023-07-12 CVE Published
- 2024-08-02 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://github.com/advisories/GHSA-92hx-3m... | ||
| https://security.netapp.com/advisory/ntap-... | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|