Back to bug 2213121
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-06-07 07:15:37 UTC | CC | security-response-team | |
| Avinash Hanwate | 2023-06-22 09:11:30 UTC | Group | security, qe_staff | |
| Deadline | 2023-06-21 | |||
| CC | joelsmith | |||
| Summary | EMBARGOED CVE-2023-1943 kubernetes/kops: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode | CVE-2023-1943 kubernetes/kops: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode | ||
| Product Security DevOps Team | 2023-06-22 18:40:31 UTC | Resolution | --- | NOTABUG |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-06-22 18:40:31 UTC | |||
| Avinash Hanwate | 2023-07-11 05:28:37 UTC | Doc Text | A flaw was found in the Kubernetes kOps. Affected versions of Kubernetes kOps could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when using GCE/GCP Provider in Gossip Mode. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to cluster-admin permissions. | |
| RaTasha Tillery-Smith | 2023-07-11 14:17:49 UTC | Doc Text | A flaw was found in the Kubernetes kOps. Affected versions of Kubernetes kOps could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when using GCE/GCP Provider in Gossip Mode. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to cluster-admin permissions. | A flaw was found in the Kubernetes kOps. Affected versions of Kubernetes kOps could allow a remote authenticated attacker to gain elevated privileges on the system caused by a vulnerability when using the GCE/GCP Provider in Gossip Mode. By sending a specially crafted request, an authenticated attacker can gain elevated privileges to cluster-admin permissions. |
| RaTasha Tillery-Smith | 2023-07-11 14:18:14 UTC | Doc Text | A flaw was found in the Kubernetes kOps. Affected versions of Kubernetes kOps could allow a remote authenticated attacker to gain elevated privileges on the system caused by a vulnerability when using the GCE/GCP Provider in Gossip Mode. By sending a specially crafted request, an authenticated attacker can gain elevated privileges to cluster-admin permissions. | A flaw was found in the Kubernetes kOps. Affected versions of Kubernetes kOps could allow a remote authenticated attacker to gain elevated privileges on the system caused by a vulnerability when using the GCE/GCP Provider in Gossip Mode. By sending a specially-crafted request, an authenticated attacker can gain elevated privileges to cluster-admin permissions. |
Back to bug 2213121