8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
github.com/kubernetes/kubernetes is vulnerable to unauthorised access to the resources. API server allows a user with access privilege to the custom resources in one namespace to create, view update or delete the cluster-scoped resources.
access.redhat.com/errata/RHBA-2019:2816
access.redhat.com/errata/RHBA-2019:2824
access.redhat.com/errata/RHSA-2019:2690
access.redhat.com/errata/RHSA-2019:2769
github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#v1139
github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md#v1145
github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.15.md#v1152
github.com/kubernetes/kubernetes/commit/9d3c8b36d992cdbea00040f2c31d39f46e4c4219
github.com/kubernetes/kubernetes/issues/80983
groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ
security.netapp.com/advisory/ntap-20190919-0003/
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P