Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu
kOps privilege escalation vulnerability
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.
Permalink: https://github.com/advisories/GHSA-8gwj-m6vh-2g6jJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.0006
EPSS Percentile: 0.26944
Identifiers: GHSA-8gwj-m6vh-2g6j, CVE-2023-1943
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1943
- https://github.com/kubernetes/kops/issues/15539
- https://groups.google.com/g/kubernetes-security-announce/c/yrCE1x89oaU
- https://github.com/advisories/GHSA-8gwj-m6vh-2g6j
Blast Radius: 16.7
Affected Packages
go:k8s.io/kops
Dependent packages: 38Dependent repositories: 124
Downloads:
Affected Version Ranges: >= 1.26.0, < 1.26.2, < 1.25.4
Fixed in: 1.26.2, 1.25.4
All affected versions: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.10.0, 1.11.0, 1.15.1, 1.15.2, 1.15.3, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.17.0, 1.17.1, 1.17.2, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.20.0, 1.20.1, 1.20.2, 1.20.3, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.22.5, 1.22.6, 1.23.0, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.26.0, 1.26.1
All unaffected versions: 1.25.4, 1.26.2, 1.26.3, 1.26.4, 1.26.5, 1.26.6, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.28.4, 1.28.5, 1.28.6, 1.28.7, 1.29.0, 1.29.1, 1.29.2, 1.30.0, 1.30.1, 1.30.2