{"vulnerability": "CVE-2023-1260", "sightings": [{"uuid": "7a96f6dc-8064-43c0-a37b-b36bad1cf559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1260", "type": "seen", "source": "https://t.me/cibsecurity/70966", "content": "\u203c CVE-2023-1260 \u203c\n\nAn authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-24T10:31:00.000000Z"}]}