High severity7.7NVD Advisory· Published Feb 3, 2016· Updated May 6, 2026
CVE-2016-1905
CVE-2016-1905
Description
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/kubernetes/kubernetesGo | < 1.2.0-alpha.6 | 1.2.0-alpha.6 |
Affected products
1- cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*
Patches
19e6912384a5bVulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-xx8c-m748-xr4jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-1905ghsaADVISORY
- access.redhat.com/errata/RHSA-2016:0070nvdWEB
- access.redhat.com/errata/RHSA-2016:0351ghsaWEB
- access.redhat.com/security/cve/CVE-2016-1905ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/kubernetes/kubernetes/commit/9e6912384a5bc714f2a780b870944a8cee264a22ghsaWEB
- github.com/kubernetes/kubernetes/issues/19479nvdWEB
News mentions
0No linked articles in our index yet.