MEDIUM 6.5 Go
kube-apiserver vulnerable to policy bypass
GHSA-qc2g-gmh6-95p4 · CVE-2023-2727 · GO-2023-1891
Published · Modified
Description
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
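An audit for the condition described above, as an added example that is not code from the advisory or from the Kubernetes project: it lists ephemeral containers whose images fall outside an allowlist, so they can be reviewed against the policy the webhook enforces. The `AuditEphemeral` helper, the registry prefix and the sample pod list are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the Pod API needed here; encoding/json matches keys case-insensitively.
type container struct{ Name, Image string }
type pod struct {
	Metadata struct{ Namespace, Name string }
	Spec     struct{ EphemeralContainers []container }
}

// Finding is one ephemeral container whose image is outside the allowlist.
type Finding struct{ Namespace, Pod, Container, Image string }

// AuditEphemeral reads `kubectl get pods -A -o json` output and returns each
// ephemeral container whose image starts with none of the approved prefixes.
func AuditEphemeral(podListJSON []byte, approved []string) ([]Finding, error) {
	var list struct{ Items []pod }
	if err := json.Unmarshal(podListJSON, &list); err != nil {
		return nil, err
	}
	var out []Finding
	for _, p := range list.Items {
	next:
		for _, c := range p.Spec.EphemeralContainers {
			for _, prefix := range approved {
				if strings.HasPrefix(c.Image, prefix) {
					continue next // image is on the allowlist
				}
			}
			out = append(out, Finding{p.Metadata.Namespace, p.Metadata.Name, c.Name, c.Image})
		}
	}
	return out, nil
}

// Constructed sample input, not taken from a real cluster.
const samplePods = `{"items":[{"metadata":{"namespace":"prod","name":"web-1"},"spec":{"ephemeralContainers":[
 {"name":"dbg-a","image":"registry.example.com/tools/debug:1.2"},
 {"name":"dbg-b","image":"docker.io/library/busybox:latest"}]}},
 {"metadata":{"namespace":"prod","name":"api-1"},"spec":{}}]}`

func main() {
	// Assumed allowlist; the trailing slash keeps "registry.example.com.evil/..." from matching.
	findings, err := AuditEphemeral([]byte(samplePods), []string{"registry.example.com/"})
	fmt.Println(findings, err)
}
```

The prefix allowlist only stands in for the decision an ImagePolicyWebhook backend would make; substitute the same rule the webhook applies.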
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-2727
- WEB https://github.com/kubernetes/kubernetes/issues/118640
- WEB https://github.com/kubernetes/kubernetes/pull/118356
- WEB https://github.com/kubernetes/kubernetes/pull/118471
- WEB https://github.com/kubernetes/kubernetes/pull/118473
- WEB https://github.com/kubernetes/kubernetes/pull/118474
- WEB https://github.com/kubernetes/kubernetes/pull/118512
- PACKAGE https://github.com/kubernetes/kubernetes
- WEB https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
- WEB https://security.netapp.com/advisory/ntap-20230803-0004
- WEB http://www.openwall.com/lists/oss-security/2023/07/06/2