CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
48.6%
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
[
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.11",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-cluster-kube-apiserver-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.11.0-202311211130.p0.g7021090.assembly.stream",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.11::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.12",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-cluster-kube-apiserver-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.12.0-202311021630.p0.gfe5e2a1.assembly.stream",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.13",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-cluster-kube-apiserver-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.13.0-202310210425.p0.gd525f5d.assembly.stream",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift:4.13::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.14",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-cluster-kube-apiserver-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.14.0-202310201027.p0.g8b38d12.assembly.stream",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9",
"cpe:/a:redhat:openshift:4.14::el8"
]
}
]