Access Restriction Bypass in kubernetes
High severity
GitHub Reviewed
Published
Feb 15, 2022
to the GitHub Advisory Database
•
Updated Oct 2, 2023
Package
Affected versions
<= 1.2.0-alpha.5
Patched versions
1.2.0-alpha.6
Description
Published by the National Vulnerability Database
Feb 3, 2016
Reviewed
May 7, 2021
Published to the GitHub Advisory Database
Feb 15, 2022
Last updated
Oct 2, 2023
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Specific Go Packages Affected
github.com/kubernetes/kubernetes/pkg/apiserver
References