Summaryinfo

A vulnerability labeled as critical has been found in Kubernetes. The affected element is an unknown function of the component API Server. The manipulation results in access control. This vulnerability is known as CVE-2016-1906. It is possible to launch the attack remotely. No exploit is available.

Detailsinfo

A vulnerability was found in Kubernetes (Virtualization Software) (the affected version unknown). It has been classified as very critical. Affected is an unknown part of the component API Server. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

The API server in Kubernetes might allow remote attackers to gain privileges by editing a build configuration to use a restricted strategy.

The weakness was published 02/03/2016 (Website). The advisory is available at github.com. This vulnerability is traded as CVE-2016-1906 since 01/14/2016. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 07/07/2022). This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entry is available at VDB-80789. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Virtualization Software

Name

• Kubernetes

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion