Bug 2242173 (CVE-2023-5408) - CVE-2023-5408 OpenShift: modification of node role labels
Summary: CVE-2023-5408 OpenShift: modification of node role labels
Keywords:
Status: NEW
Alias: CVE-2023-5408
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2242171
Reported: 2023-10-04 17:59 UTC by Nick Tait
Modified: 2023-11-29 01:41 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
Clone Of:
Environment:
Last Closed:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:5006 0 None None None 2023-10-31 12:54:58 UTC
Red Hat Product Errata RHSA-2023:6130 0 None None None 2023-10-30 13:49:29 UTC
Red Hat Product Errata RHSA-2023:6842 0 None None None 2023-11-16 20:31:58 UTC
Red Hat Product Errata RHSA-2023:7479 0 None None None 2023-11-29 01:41:24 UTC

Description Nick Tait 2023-10-04 17:59:39 UTC
A flaw was discovered in the node restriction admission plugin of the Kubernetes API server of OpenShift. It could allow steering workloads from the control plane and etcd nodes onto a different worker node and gaining higher credentials on the cluster.

Comment 8 errata-xmlrpc 2023-10-30 13:49:28 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6130 https://access.redhat.com/errata/RHSA-2023:6130

Comment 9 errata-xmlrpc 2023-10-31 12:54:56 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006

Comment 12 errata-xmlrpc 2023-11-16 20:31:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:6842 https://access.redhat.com/errata/RHSA-2023:6842

Comment 13 errata-xmlrpc 2023-11-29 01:41:23 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:7479 https://access.redhat.com/errata/RHSA-2023:7479

