CVE-2016-1905
Published 2016-02-03
Priority: P3 (45) · CVSS 3.0: 7.7 (High) · Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS: 1.58% (72.5th percentile)
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
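The ordering problem behind this advisory is easiest to see in code. The Go program below is an added illustration, not the kube-apiserver source and not the linked upstream patch: it models a PATCH handler that runs admission against the object it retrieved from storage instead of against the object it is about to persist. The `Pod` type, the `MaxMemoryMi` ceiling (standing in for a LimitRange-style admission plugin) and the JSON merge-patch helper are constructed for the example; in the real API server the enforcement lives in admission plugins invoked from `pkg/apiserver`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Pod is a constructed stand-in for a Kubernetes object; only the fields
// needed to show the admission problem are modelled.
type Pod struct {
	Name   string `json:"name"`
	Limits struct {
		MemoryMi int `json:"memoryMi"`
	} `json:"limits"`
}

// NewPod builds a stored object with the given memory limit (Mi).
func NewPod(name string, memoryMi int) Pod {
	var p Pod
	p.Name = name
	p.Limits.MemoryMi = memoryMi
	return p
}

// MaxMemoryMi plays the role of a LimitRange maximum enforced by an
// admission plugin (assumed value for this example).
const MaxMemoryMi = 1024

// Admit is the admission check: reject any object whose memory limit
// exceeds the configured maximum.
func Admit(p Pod) error {
	if p.Limits.MemoryMi > MaxMemoryMi {
		return fmt.Errorf("admission denied: memory limit %dMi exceeds maximum %dMi",
			p.Limits.MemoryMi, MaxMemoryMi)
	}
	return nil
}

// ApplyMergePatch applies an RFC 7386 JSON merge patch to a stored object,
// going through generic maps the way a PATCH handler would.
func ApplyMergePatch(stored Pod, patch []byte) (Pod, error) {
	raw, err := json.Marshal(stored)
	if err != nil {
		return Pod{}, err
	}
	var base, delta map[string]interface{}
	if err := json.Unmarshal(raw, &base); err != nil {
		return Pod{}, err
	}
	if err := json.Unmarshal(patch, &delta); err != nil {
		return Pod{}, fmt.Errorf("invalid merge patch: %w", err)
	}
	merged, err := json.Marshal(mergeMaps(base, delta))
	if err != nil {
		return Pod{}, err
	}
	var patched Pod
	if err := json.Unmarshal(merged, &patched); err != nil {
		return Pod{}, fmt.Errorf("patched object does not decode: %w", err)
	}
	return patched, nil
}

// mergeMaps implements the merge-patch rules: null deletes a key, nested
// objects merge recursively, anything else replaces the stored value.
func mergeMaps(base, delta map[string]interface{}) map[string]interface{} {
	for k, v := range delta {
		if v == nil {
			delete(base, k)
			continue
		}
		if dm, ok := v.(map[string]interface{}); ok {
			bm, _ := base[k].(map[string]interface{})
			if bm == nil {
				bm = map[string]interface{}{}
			}
			base[k] = mergeMaps(bm, dm)
			continue
		}
		base[k] = v
	}
	return base
}

// PatchVulnerable mirrors the pre-fix ordering: admission is evaluated on the
// object as stored, so nothing the patch introduces is ever checked.
func PatchVulnerable(stored Pod, patch []byte) (Pod, error) {
	if err := Admit(stored); err != nil {
		return stored, err
	}
	return ApplyMergePatch(stored, patch)
}

// PatchFixed mirrors the corrected ordering: apply the patch first, then run
// admission on the object that would actually be persisted.
func PatchFixed(stored Pod, patch []byte) (Pod, error) {
	patched, err := ApplyMergePatch(stored, patch)
	if err != nil {
		return stored, err
	}
	if err := Admit(patched); err != nil {
		return stored, err
	}
	return patched, nil
}

func main() {
	stored := NewPod("web", 512) // passed admission when it was created
	oversized := []byte(`{"limits":{"memoryMi":65536}}`)
	got, err := PatchVulnerable(stored, oversized)
	fmt.Printf("vulnerable: memory=%dMi err=%v\n", got.Limits.MemoryMi, err)
	got, err = PatchFixed(stored, oversized)
	fmt.Printf("fixed:      memory=%dMi err=%v\n", got.Limits.MemoryMi, err)
}
```

The stored object passes `Admit` trivially because it already passed admission when it was created, which is exactly why checking it again proves nothing about the patch. Any admission-enforced policy (quotas, limit ranges, security context restrictions) is bypassable under the vulnerable ordering; the fix is the single line reordering in `PatchFixed`.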
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | — | — |
| github.com | kubernetes_kubernetes | >= 0 < 1.2.0-alpha.6 | 1.2.0-alpha.6 |
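The fixed version is a pre-release (`1.2.0-alpha.6`), which is where naive string comparison of `gitVersion` goes wrong: `1.2.0-alpha.10` sorts before `1.2.0-alpha.6` lexically but is newer under semver precedence. The Go check below is an added example, not tooling from the Kubernetes project; it assumes the version string has the shape kube-apiserver reports in `GET /version` (`v1.1.7`, `v1.2.0-alpha.5`, optionally with `+build` metadata) and implements the semver pre-release ordering rules itself.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// FixedVersion is the first version the OSV/GHSA range marks as not affected.
const FixedVersion = "1.2.0-alpha.6"

// semver holds the parts of a version string that matter for ordering.
type semver struct {
	core [3]int
	pre  []string // empty for a final release
}

// parseSemver accepts "v1.1.7", "v1.2.0-alpha.5", "v1.2.0-beta.1+abc123";
// build metadata after '+' is ignored, as semver requires.
func parseSemver(s string) (semver, error) {
	var v semver
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.Index(s, "+"); i >= 0 {
		s = s[:i]
	}
	if i := strings.Index(s, "-"); i >= 0 {
		v.pre = strings.Split(s[i+1:], ".")
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("bad numeric component %q", p)
		}
		v.core[i] = n
	}
	return v, nil
}

// compareSemver returns -1, 0 or 1 by semver precedence: a release outranks
// any pre-release of the same core, numeric identifiers compare numerically,
// numeric ranks below alphanumeric, and a shorter identifier list that is a
// prefix of a longer one ranks lower.
func compareSemver(a, b semver) int {
	for i := 0; i < 3; i++ {
		if a.core[i] != b.core[i] {
			return sign(a.core[i] - b.core[i])
		}
	}
	switch {
	case len(a.pre) == 0 && len(b.pre) == 0:
		return 0
	case len(a.pre) == 0:
		return 1
	case len(b.pre) == 0:
		return -1
	}
	for i := 0; i < len(a.pre) && i < len(b.pre); i++ {
		an, aErr := strconv.Atoi(a.pre[i])
		bn, bErr := strconv.Atoi(b.pre[i])
		switch {
		case aErr == nil && bErr == nil:
			if an != bn {
				return sign(an - bn)
			}
		case aErr == nil:
			return -1
		case bErr == nil:
			return 1
		default:
			if c := strings.Compare(a.pre[i], b.pre[i]); c != 0 {
				return c
			}
		}
	}
	return sign(len(a.pre) - len(b.pre))
}

func sign(n int) int {
	if n < 0 {
		return -1
	}
	if n > 0 {
		return 1
	}
	return 0
}

// IsAffected reports whether an upstream kube-apiserver version lies in the
// affected range (>= 0, < 1.2.0-alpha.6). Distribution packages that backport
// the fix keep their old version string, so treat this as a first-pass check.
func IsAffected(gitVersion string) (bool, error) {
	v, err := parseSemver(gitVersion)
	if err != nil {
		return false, err
	}
	fixed, _ := parseSemver(FixedVersion)
	return compareSemver(v, fixed) < 0, nil
}

func main() {
	for _, v := range []string{"v1.1.7", "v1.2.0-alpha.5", "v1.2.0-alpha.6", "v1.2.0-alpha.10", "v1.2.0"} {
		affected, err := IsAffected(v)
		fmt.Printf("%-16s affected=%v err=%v\n", v, affected, err)
	}
}
```

The caveat in `IsAffected` matters for the vendor rows on this page: Red Hat shipped the fix through OpenShift Enterprise errata and marked the RHEL 7 kubernetes package "Will not fix", and Debian's tracker shows the issue resolved in every listed release, so a distribution build can report a version string inside the affected range while carrying the backported patch (or, for RHEL 7, report nothing useful at all). Confirm against the distribution's advisory rather than the version alone.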
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.7 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_debian | — | 7.7 | LOW | — |
| vendor_redhat | — | 7.7 | HIGH | — |
OSV
Access Restriction Bypass in kubernetes in github.com/kubernetes/kubernetes
osv · 2024-08-21 · CVE-2016-1905
OSV
Access Restriction Bypass in kubernetes
osv · 2022-02-15 · CVE-2016-1905 [HIGH]
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
### Specific Go Packages Affected
github.com/kubernetes/kubernetes/pkg/apiserver
GHSA
Access Restriction Bypass in kubernetes
ghsa · 2022-02-15 · CVE-2016-1905 [HIGH] · CWE-284
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
### Specific Go Packages Affected
github.com/kubernetes/kubernetes/pkg/apiserver
Red Hat
server: patch operation should use patched object to check admission control
vendor_redhat · 2016-01-11 · CVSS 7.7 · CVE-2016-1905 [HIGH] · CWE-285
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space.
Package: kubernetes (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2016-1905: kubernetes
vendor_debian · 2016 · CVSS 7.7 · [HIGH]
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Scope: local
Status by release: bookworm resolved · bullseye resolved · forky resolved · sid resolved · trixie resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-1905 Kubernetes api server: patch operation should use patched object to check admission control
bugzilla · 2016-01-12 · CVSS 7.7 · [HIGH]
External reference:
https://github.com/kubernetes/kubernetes/issues/19479
Discussion:
Upstream patch:
https://github.com/deads2k/kubernetes/commit/d1e258afcf837cf70522c2950bb0aef593da9c3e
---
*** Bug 1298116 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in the following products:
RHEL 7 Version of OpenShift Enterprise 3.1
Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070
---
This issue has been addressed in the following products:
RHEL 7 Version of OpenShift Enterprise 3.0
Via RHSA-2016:0351 https://access.redhat.com/errata/RHSA