An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

Affected Packages

Go github.com/openshift/apiserver-library-go

Affected versions: 0 (fixed in 0.0.0-20230621)

Related CVEs

CVE-2023-1260

Key Information

GHSA ID

GHSA-92hx-3mh6-hc49

Published

September 24, 2023 3:30 AM

Last Modified

May 3, 2024 8:24 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

github.com/openshift/apiserver-library-go

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.