CVE-2016-1905: Improper Access Control in Kubernetes

Severity: 7.7 HIGH (NVD)
EPSS: 0.2% (top 53.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 3; Latest update Aug 21

Description

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.1 | Impact: 4.0

Affected Packages: 1 package

🔴 Vulnerability Details (4)

OSV: Access Restriction Bypass in kubernetes in github.com/kubernetes/kubernetes (2024-08-21)
OSV: Access Restriction Bypass in kubernetes (2022-02-15)
GHSA: Access Restriction Bypass in kubernetes (2022-02-15)
CVEList: CVE-2016-1905: The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a c (2016-02-03)

📋 Vendor Advisories (2)

Red Hat: server: patch operation should use patched object to check admission control (2016-01-11)
Debian: CVE-2016-1905: kubernetes - The API server in Kubernetes does not properly check admission control, which al... (2016)

💬 Community (7)

Bugzilla: CVE-2016-5175 chromium-browser: various fixes from internal audits (2016-09-14)
Bugzilla: CVE-2016-5173 chromium-browser: extension resource access (2016-09-14)
Bugzilla: CVE-2016-5174 chromium-browser: popup not correctly suppressed (2016-09-14)
Bugzilla: CVE-2016-5170 chromium-browser: use after free in blink (2016-09-14)
Bugzilla: CVE-2016-5172 chromium-browser: arbitrary memory read in v8 (2016-09-14)