Vulnerability Title
N/A
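Vulnerability Description
**DISPUTED** Styra Open Policy Agent (OPA) Gatekeeper 3.7.0 mishandles concurrency, which may result in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which may cause inconsistencies between the resources replicated in OPA/Gatekeeper and the resources actually present in the cluster. The inconsistency may be reflected in a policy bypass. NOTE: the vendor does not consider this a vulnerability, because Kubernetes state is eventually consistent.
CVSS Information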
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent.
CVSS Information
N/A
Vulnerability Category
N/A
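Vulnerability Title
Kubernetes Security Vulnerability
Vulnerability Description
Kubernetes is an open-source Docker container cluster management system from the Linux Foundation (USA). It provides resource scheduling, deployment, service discovery, and scale-up/scale-down for containerized applications. Kubernetes Gatekeeper before 3.7.0 has a security vulnerability that stems from mishandled concurrency, which sometimes results in incorrect access control.
CVSS Information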
N/A
Vulnerability Category
Other