CVE Vulnerabilities

CVE-2023-1174

Incorrect Privilege Assignment

Published: May 24, 2023 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Minikube Kubernetes 1.26.0 (including) 1.26.0 (including)
Minikube Kubernetes 1.26.1 (including) 1.26.1 (including)
Minikube Kubernetes 1.27.0 (including) 1.27.0 (including)
Minikube Kubernetes 1.27.1 (including) 1.27.1 (including)
Minikube Kubernetes 1.28.0 (including) 1.28.0 (including)

Potential Mitigations

References