Kubernetes Privilege Escalation

2021-05-1218:16:32

Google

osv.dev

0.002 Low

EPSS

Percentile

55.8%

JSON

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

CPENameOperatorVersion
k8s.io/kubernetesge1.5.0
k8s.io/kuberneteslt1.5.5

CPE	Name	Operator	Version
	k8s.io/kubernetes	ge	1.5.0
	k8s.io/kubernetes	lt	1.5.5

References

github.com/kubernetes/kubernetes

github.com/kubernetes/kubernetes/commit/7fef0a4f6a44ea36f166c39fdade5324eff2dd5e

github.com/kubernetes/kubernetes/issues/43459

nvd.nist.gov/vuln/detail/CVE-2017-1000056

0.002 Low

EPSS

Percentile

55.8%

JSON

Related for OSV:GHSA-2JX2-76RC-2V7V