Back to bug 2176267
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Nick Tait | 2023-03-07 20:19:01 UTC | CC | security-response-team | |
| Anten Skrabec | 2023-03-07 20:35:36 UTC | CC | joelsmith | |
| Nick Tait | 2023-03-07 20:57:11 UTC | Summary | EMBARGOED CVE-2023-1260 ephemeralcontainers: PrivEsc | EMBARGOED CVE-2023-1260 securitycontextconstraints: PrivEsc |
| Nick Tait | 2023-03-07 20:59:41 UTC | Summary | EMBARGOED CVE-2023-1260 securitycontextconstraints: PrivEsc | EMBARGOED CVE-2023-1260 kube-apiserver: PrivEsc |
| Nick Tait | 2023-03-07 23:33:25 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Nick Tait | 2023-03-08 17:00:38 UTC | Group | team ocp_embargoes | |
| Nick Tait | 2023-03-08 21:42:31 UTC | Doc Text | An authentication bypass vulnerability was discovered in kube-apiserver. It could be exploited by a remote authenticated attacker who has been given permissions ("update, patch" the "pods/ephemeralcontainers" subresource) beyond what is the default. They would then need to create a new pod or patch one they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | |
| Paige Jung | 2023-03-08 21:57:12 UTC | Doc Text | An authentication bypass vulnerability was discovered in kube-apiserver. It could be exploited by a remote authenticated attacker who has been given permissions ("update, patch" the "pods/ephemeralcontainers" subresource) beyond what is the default. They would then need to create a new pod or patch one they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. |
| Nick Tait | 2023-03-24 15:26:07 UTC | Deadline | 2023-04-04 | |
| Nick Tait | 2023-03-24 16:02:19 UTC | Doc Text | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. |
| Nick Tait | 2023-04-04 21:26:36 UTC | Deadline | 2023-04-04 | |
| | | Group | team ocp_embargoes, security, qe_staff | |
| | | Summary | EMBARGOED CVE-2023-1260 kube-apiserver: PrivEsc | CVE-2023-1260 kube-apiserver: PrivEsc |
| Red Hat Bugzilla | 2023-07-07 08:31:14 UTC | CC | yaoli | |
| CC | security-response-team | |||
| Assignee | security-response-team | nobody | ||
| errata-xmlrpc | 2023-07-12 04:07:23 UTC | Link ID | Red Hat Product Errata RHSA-2023:3976 | |
| errata-xmlrpc | 2023-07-20 17:28:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:4093 | |
| Product Security DevOps Team | 2023-07-20 22:43:08 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2023-07-20 22:43:08 UTC | |
| errata-xmlrpc | 2023-08-02 01:09:25 UTC | Link ID | Red Hat Product Errata RHSA-2023:4312 | |