2023-09-24 02:00:28 +00:00
{
"id" : "CVE-2023-1260" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2023-09-24T01:15:42.707" ,
2024-05-03 18:03:31 +00:00
"lastModified" : "2024-05-03T16:15:10.330" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-09-24 02:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod."
2023-09-26 18:00:29 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se descubri\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en kube-apiserver. Este problema podr\u00eda permitir que un atacante remoto y autenticado al que se le hayan otorgado permisos \"update, patch\" el subrecurso \"pods/ephemeralcontainers\" m\u00e1s all\u00e1 de lo predeterminado. Luego tendr\u00edan que crear un nuevo pod o parchear uno al que ya tengan acceso. Esto podr\u00eda permitir la evasi\u00f3n de las restricciones de admisi\u00f3n de SCC, obteniendo as\u00ed el control de un m\u00f3dulo privilegiado."
2023-09-24 02:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-09-26 18:00:29 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
2023-12-15 19:00:28 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" ,
2023-09-26 18:00:29 +00:00
"attackVector" : "NETWORK" ,
2023-12-15 19:00:28 +00:00
"attackComplexity" : "HIGH" ,
2023-09-26 18:00:29 +00:00
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
2023-12-15 19:00:28 +00:00
"baseScore" : 8.0 ,
"baseSeverity" : "HIGH"
2023-09-26 18:00:29 +00:00
} ,
2023-12-15 19:00:28 +00:00
"exploitabilityScore" : 1.3 ,
2023-09-26 18:00:29 +00:00
"impactScore" : 6.0
} ,
2023-09-24 02:00:28 +00:00
{
2023-11-16 03:00:23 +00:00
"source" : "secalert@redhat.com" ,
2023-09-24 02:00:28 +00:00
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.0 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.3 ,
"impactScore" : 6.0
}
]
} ,
2023-09-26 18:00:29 +00:00
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-Other"
}
]
2023-11-07 21:03:21 +00:00
} ,
{
2023-11-16 03:00:23 +00:00
"source" : "secalert@redhat.com" ,
2023-11-07 21:03:21 +00:00
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-288"
}
]
2023-09-26 18:00:29 +00:00
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:kubernetes:kube-apiserver:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "58A67EBB-3567-46AD-9EF2-8DA8DBABBA03"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EA983F8C-3A06-450A-AEFF-9429DE9A3454"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "40449571-22F8-44FA-B57B-B43F71AB25E2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842"
}
]
}
]
}
] ,
2023-09-24 02:00:28 +00:00
"references" : [
{
"url" : "https://access.redhat.com/errata/RHSA-2023:3976" ,
2023-09-26 18:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-24 02:00:28 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:4093" ,
2023-09-26 18:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-24 02:00:28 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:4312" ,
2023-09-26 18:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-24 02:00:28 +00:00
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2023:4898" ,
2023-09-26 18:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-24 02:00:28 +00:00
} ,
2024-05-03 18:03:31 +00:00
{
"url" : "https://access.redhat.com/errata/RHSA-2023:5008" ,
"source" : "secalert@redhat.com"
} ,
2023-09-24 02:00:28 +00:00
{
"url" : "https://access.redhat.com/security/cve/CVE-2023-1260" ,
2023-09-26 18:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-24 02:00:28 +00:00
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2176267" ,
2023-09-26 18:00:29 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Third Party Advisory"
]
2023-10-29 09:06:41 +00:00
} ,
2024-05-03 18:03:31 +00:00
{
"url" : "https://github.com/advisories/GHSA-92hx-3mh6-hc49" ,
"source" : "secalert@redhat.com"
} ,
2023-10-29 09:06:41 +00:00
{
"url" : "https://security.netapp.com/advisory/ntap-20231020-0010/" ,
2023-11-16 03:00:23 +00:00
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-24 02:00:28 +00:00
}
]
}
