0.0
medium
  • Attack Complexity

    High

  • Confidentiality

    High

  • Integrity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-GOLANG-GITHUBCOMOPENSHIFTMACHINECONFIGOPERATORPKGSERVER-1059094

  • published

    12 Jan 2021

  • disclosed

    5 Nov 2020

  • credit

    Unknown

How to fix?

There is no fixed version for github.com/openshift/machine-config-operator/pkg/server.

Overview

github.com/openshift/machine-config-operator/pkg/server is an OpenShift 4 is an operator-focused platform, and the Machine Config operator extends that to the operating system itself, managing updates and configuration changes to essentially everything between the kernel and kubelet.

Affected versions of this package are vulnerable to Insecure Permissions via the /etc/kubernetes/kubeconfig file. An attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, may copy this kubeconfig file and attempt to add their own node to the OpenShift cluster.