Bug 2176267 (CVE-2023-1260)
| Summary: | CVE-2023-1260 kube-apiserver: PrivEsc | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Nick Tait <ntait> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | antoine.tran.11w, dfreiber, jburrell, joelsmith, rogbas, vkumar, yaoli |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | github.com/openshift/apiserver-library-go 0.0.0-20230621 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-07-20 22:43:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2176262 | ||
|
Description
Nick Tait
2023-03-07 20:19:01 UTC
Hello Team The customer want to know about the CVE process, May I know when we had plan to fix the issue? Thanks This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:3976 https://access.redhat.com/errata/RHSA-2023:3976 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Ironic content for Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1260 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:4312 https://access.redhat.com/errata/RHSA-2023:4312 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:4898 https://access.redhat.com/errata/RHSA-2023:4898 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5008 https://access.redhat.com/errata/RHSA-2023:5008 Dear Redhat team,
Can I ask if in the corrected OpenShift version (>=4.11), it is now OK to give these privilege
{APIGroups:[""], Resources:["pods/ephemeralcontainers"], Verbs:["patch" "update"]}
{APIGroups:[""], Resources:["pods/status"], Verbs:["patch" "update"]}
to users without risking escalation privilege as described in this ticket?
Created a new issue https://bugzilla.redhat.com/show_bug.cgi?id=2349782 to ask about granting these privilege by default. |