CVE-2023-1260

Published: 2023-09-24 01:15:42
CWE: CWE-288
Reporter: redhat
Source: web.nvd.nist.gov
Tags: cve-2023-1260, authentication bypass, kube-apiserver, vulnerability, nvd, security issue

CVSS3

Base score: 8
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.6 (Confidence: High)
EPSS: 0.004 (Percentile: 72.8%)

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been granted "update" and "patch" permissions on the "pods/ephemeralcontainers" subresource beyond what the default allows. The attacker would then need to create a new pod or patch one they already have access to. This might allow evasion of SCC (Security Context Constraints) admission restrictions, thereby gaining control of a privileged pod.

Affected configurations (NVD)

Configuration: kubernetes kube-apiserver (any version), OR Red Hat OpenShift Container Platform 4.10, 4.11, 4.12, or 4.13.

Vendor | Product | Version | CPE
kubernetes | kube-apiserver | - | cpe:2.3:a:kubernetes:kube-apiserver:-:*:*:*:*:*:*:*
redhat | openshift_container_platform | 4.10 | cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*
redhat | openshift_container_platform | 4.11 | cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
redhat | openshift_container_platform | 4.12 | cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
redhat | openshift_container_platform | 4.13 | cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*

CNA Affected

[
  {
    "repo": "https://github.com/openshift/apiserver-library-go",
    "versions": [
      {
        "status": "unaffected",
        "version": "a994128188486d2dce99a528fbcc017d276081e0",
        "lessThan": "*",
        "versionType": "git"
      }
    ],
    "packageName": "github.com/openshift/apiserver-library-go",
    "collectionURL": "https://github.com/openshift/apiserver-library-go"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.10.0-202308291228.p0.g26fdcdf.assembly.stream.el7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.10::el8",
      "cpe:/a:redhat:openshift:4.10::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.11",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.11.0-202307200925.p0.ga9da4a8.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.11::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.12.0-202307040929.p0.g1485cc9.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el8",
      "cpe:/a:redhat:openshift:4.12::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.13.0-202307132344.p0.gf245ced.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift_ironic:4.13::el9",
      "cpe:/a:redhat:openshift:4.13::el8",
      "cpe:/a:redhat:openshift:4.13::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "microshift",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift4/ose-openshift-apiserver-rhel7",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift4/ose-pod",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "openshift4/ose-tests",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  }
]
