CVE-2017-1000056

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

Published: Jul 17, 2017
Updated: May 9, 2024
CVE: CVE-2017-1000056
GHSA: GHSA-2jx2-76rc-2v7v
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
kubernetes / kubernetes	1.5.4	1.5.4.x
kubernetes / kubernetes	1.5.3	1.5.3.x
kubernetes / kubernetes	1.5.1	1.5.1.x
kubernetes / kubernetes	1.5.0	1.5.0.x
kubernetes / kubernetes	1.5.2	1.5.2.x
k8s.io/kubernetes	1.5.0	1.5.5

https://github.com/kubernetes/kubernetes/commit/7fef0a4f6a44ea36f166c39fdade5324eff2dd5e
https://github.com/kubernetes/kubernetes/issues/43459

Vulnerability Database

CVE-2017-1000056

Deep Security Visibility Without the Complexity