Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu

kOps privilege escalation vulnerability

Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.

Permalink: https://github.com/advisories/GHSA-8gwj-m6vh-2g6j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 7 months ago
Updated: 6 months ago

CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-8gwj-m6vh-2g6j, CVE-2023-1943
References:

Repository: https://github.com/kubernetes/kops
Blast Radius: 16.7

Affected Packages

go:k8s.io/kops

Dependent packages: 38
Dependent repositories: 124
Downloads:
Affected Version Ranges: >= 1.26.0, < 1.26.2, < 1.25.4
Fixed in: 1.26.2, 1.25.4
All affected versions: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.10.0, 1.11.0, 1.15.1, 1.15.2, 1.15.3, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.17.0, 1.17.1, 1.17.2, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.20.0, 1.20.1, 1.20.2, 1.20.3, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.22.5, 1.22.6, 1.23.0, 1.23.1, 1.23.2, 1.23.3, 1.23.4, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.26.0, 1.26.1
All unaffected versions: 1.25.4, 1.26.2, 1.26.3, 1.26.4, 1.26.5, 1.26.6, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.28.4