CVE-2015-7561 — Missing Authorization in Kubernetes

CWE-264 CWE-862 — Missing Authorization7 documents6 sources

Severity

3.1LOWNVD

EPSS

0.2%

top 61.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

K8s.io Kubernetes Redhat Openshift

Timeline

PublishedAug 7

Latest updateAug 20

Description

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶Gok8s.io/kubernetes< 1.2.0-alpha.6

▶NVDredhat/openshift3.0

🔴Vulnerability Details

OSV

Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes↗2024-08-20

▶

GHSA

Kubernetes in OpenShift3 Access Control Misconfiguration↗2022-05-13

▶

OSV

Kubernetes in OpenShift3 Access Control Misconfiguration↗2022-05-13

▶

CVEList

CVE-2015-7561: Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image↗2017-08-07

▶

📋Vendor Advisories

Red Hat

OpenShift3: Private Docker images can be used by any user, once they are pulled to a node↗2015-12-15

▶

💬Community

Bugzilla

CVE-2015-7561 OpenShift3: Private Docker images can be used by any user, once they are pulled to a node↗2015-12-16

▶