The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
CVSS v3.0 Score
7.7
/ 10.0
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Information
- Published
- 3 févr. 2016
- Updated
- 12 avr. 2025
- Status
- Deferred
- Source
- secalert@redhat.com
Affected products
kubernetes kubernetesAll Kubernetes CVEs →
Weaknesses (CWE)
CWE-284
Similar CVEs
Other vulnerabilities of type CWE-284
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.