CVE-2017-1000056
Published 2017-07-17
Priority: P347 · Critical 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.44% (82.2nd percentile)
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.5.5+dfsg-1 (bookworm) | kubernetes 1.5.5+dfsg-1 (bookworm) |
| k8s.io | kubernetes | >= 1.5.0 < 1.5.5 | 1.5.5 |
| kubernetes | kubernetes | — (5 entries, no range recorded) | — |
| kubernetes | kubernetes | >= 0 < 1.5.5+dfsg-1 (4 entries) | 1.5.5+dfsg-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
Red Hat
kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin
vendor_redhat · 2017-03-01 · CVSS 9.8 · CRITICAL · CWE-285
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
Package: kubernetes (Red Hat Enterprise Linux 7) - Will not fix
Package: atomic-openshift (Red Hat OpenShift Enterprise 3) - Not affected
Debian
CVE-2017-1000056: kubernetes
vendor_debian · 2017 · CVSS 9.8 · CRITICAL
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
Scope: local
bookworm: resolved (fixed in 1.5.5+dfsg-1)
bullseye: resolved (fixed in 1.5.5+dfsg-1)
forky: resolved (fixed in 1.5.5+dfsg-1)
sid: resolved (fixed in 1.5.5+dfsg-1)
trixie: resolved (fixed in 1.5.5+dfsg-1)
OSV
Kubernetes Privilege Escalation in k8s.io/kubernetes
osv · 2024-08-20
GHSA
Kubernetes Privilege Escalation
ghsa · 2021-05-12 · CRITICAL · CWE-862
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
OSV
Kubernetes Privilege Escalation
osv · 2021-05-12 · CRITICAL
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
OSV
CVE-2017-1000056: Kubernetes version 1
osv · 2017-07-17 · CVSS 9.8 · CRITICAL
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-1000056 kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin
bugzilla · 2017-08-29 · CVSS 9.8 · CRITICAL
Kubernetes is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
Upstream patch:
https://github.com/kubernetes/kubernetes/commit/7fef0a4f6a44ea36f166c39fdade5324eff2dd5e
Upstream issue:
https://github.com/kubernetes/kubernetes/issues/43459
References:
https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETES-50004
Discussion:
Created kubernetes tracking bugs for this issue:
Affects: fedora-25 [bug 1486337]
---
OpenShift isn't affected because we use Security Context Constraints (SCC) instead of Pod Security Policy (PSP). PSP support is not imported from upstream.
This will only affect OpenS
Bugzilla
CVE-2017-1000056 kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin [fedora-25]
bugzilla · 2017-08-29 · CVSS 9.8 · CRITICAL
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-25.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
Discussion:
Use the follow