CVE-2017-1000056: Missing Authorization in Kubernetes

Severity
9.8 CRITICAL (NVD)
EPSS
0.3% (top 50.98%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 17
Latest update: Aug 20

Description

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Go | k8s.io/kubernetes | 1.5.0 | 1.5.5
Debian | kubernetes/kubernetes | < 1.5.5+dfsg-1 | +3
NVD | kubernetes/kubernetes | 5 versions | +4

Vulnerability Details (5)

OSV
Kubernetes Privilege Escalation in k8s.io/kubernetes (2024-08-20)
GHSA
Kubernetes Privilege Escalation (2021-05-12)
OSV
Kubernetes Privilege Escalation (2021-05-12)
OSV
CVE-2017-1000056: Kubernetes version 1 (2017-07-17)
CVEList
CVE-2017-1000056: Kubernetes version 1 (2017-07-13)

Vendor Advisories (2)

Red Hat
kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin (2017-03-01)
Debian
CVE-2017-1000056: kubernetes - Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the Po... (2017)

Community (2)

Bugzilla
CVE-2017-1000056 kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin (2017-08-29)
Bugzilla
CVE-2017-1000056 kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin [fedora-25] (2017-08-29)