Openshift: modification of node role labels
CVE-2023-5408

7.2HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Openshift Container Platform 4.11
Red Hat Openshift Container Platform 4.12
Red Hat Openshift Container Platform 4.13
Red Hat Openshift Container Platform 4.14
Vendor
CVE Published:
2 November 2023

What is CVE-2023-5408?

A privilege escalation vulnerability exists in the node restriction admission plugin of the Kubernetes API server within OpenShift. An unauthorized remote attacker could exploit this flaw by altering the node role label, enabling them to redirect workloads from the control plane and etcd nodes to different worker nodes. This exploitation can allow for unauthorized access to broader areas within the cluster, potentially compromising the integrity and security of the entire environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat OpenShift Container Platform 4.11 v4.11.0-202311211130.p0.g7021090.assembly.stream

Red Hat OpenShift Container Platform 4.12 v4.12.0-202311021630.p0.gfe5e2a1.assembly.stream

Red Hat OpenShift Container Platform 4.13 v4.13.0-202310210425.p0.gd525f5d.assembly.stream

References

https://access.redhat.com/errata/RHSA-2023:5006
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6130
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6842
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Derek Carr (Red Hat) and Mrunal Patel (Red Hat).
JSON
.