PT-2023-5676 · Red Hat · Openshift

Derek Carr

Publicado

2023-10-04

Atualizado

2024-01-21

CVE-2023-5408

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenShift (affected versions not specified)

Description A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

AZL-31786

AZL-34898

BDU:2023-06344

CVE-2023-5408

Produtos afetados

Openshift

PT-2023-5676 · Red Hat · Openshift

CVE-2023-5408

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16