Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 919131 (CVE-2023-1260) - sys-cluster/kube-apiserver: authentication bypass vulnerability
Summary: sys-cluster/kube-apiserver: authentication bypass vulnerability
Alias: CVE-2023-1260
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [upstream]
Depends on:
Reported: 2023-12-03 23:14 UTC by John Helmert III
Modified: 2023-12-03 23:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-12-03 23:14:38 UTC

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

RedHat has, of course, not pointed to an upstream issue/patch as far
as I can tell.