CVE-2015-7561: Kubernetes in OpenShift3 Access Control Misconfiguration

May 13, 2022 (updated July 31, 2023)

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

References

bugzilla.redhat.com/show_bug.cgi?id=1291963
github.com/advisories/GHSA-2h9c-34v6-3qmr
github.com/kubernetes/kubernetes/pull/18909
nvd.nist.gov/vuln/detail/CVE-2015-7561

Code Behaviors & Features

Detect and mitigate CVE-2015-7561 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →