CVE-2023-1260 โ€” Authentication Bypass Using an Alternate Path or Channel in Openshift Apiserver-library-go

CWE-288 โ€” Authentication Bypass Using an Alternate Path or Channel5 documents5 sources
Severity
8.0HIGHNVD
EPSS
0.1%
top 80.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Openshift Apiserver-library-goRedhat Openshift Container Platform
Timeline
PublishedSep 24

Description

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages1 packages

Also affects: Openshift Container Platform 4.10, 4.11, 4.12, 4.13

๐Ÿ”ดVulnerability Details

3
OSV
kube-apiserver authentication bypass vulnerabilityโ†—2023-09-24
โ–ถ
GHSA
kube-apiserver authentication bypass vulnerabilityโ†—2023-09-24
โ–ถ
CVEList
Kube-apiserver: privescโ†—2023-09-24
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
kube-apiserver: PrivEscโ†—2023-04-04
โ–ถ
CVE-2023-1260 โ€” HIGH severity | cvebase