How severe is CVE-2023-1260?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-1260?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2023-1260 - HIGH Severity | CVSS 8

Vulnerability Description

An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.

Related Vulnerabilities

CVE-2019-5165

HIGH

CVSS:8.0(High)

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpr...

CWE-2882019

CVE-2019-3758

HIGH

CVSS:8.1(High)

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthentica...

CWE-2882019

CVE-2020-10283

HIGH

CVSS:8.1(High)

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopi...

CWE-2882020

CVE-2022-23724

HIGH

CVSS:8.1(High)

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To...

CWE-2882022

CVE-2024-11178

HIGH

CVSS:8.1(High)

The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or tim...

CWE-2882024

CVE-2024-7628

HIGH

CVSS:8.1(High)

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose com...

CWE-2882024