Lucene search

GitHub Advisory DatabaseGHSA-XC8M-28VV-4PJC

HistoryJun 16, 2023 - 9:30 a.m.

Kubelet vulnerable to bypass of seccomp profile enforcement

2023-06-1609:30:24

CWE-1287

GitHub Advisory Database

github.com

kubelet

seccomp

vulnerability

bypass

enforcement

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

Affected configurations

Vulners

Node

k8s.iokubernetesRange<1.27.2

k8s.iokubernetesRange<1.26.5

k8s.iokubernetesRange<1.25.10

k8s.iokubernetesRange<1.24.14

CPENameOperatorVersion
k8s.io/kuberneteslt1.27.2
k8s.io/kuberneteslt1.26.5
k8s.io/kuberneteslt1.25.10
k8s.io/kuberneteslt1.24.14

Name	Operator	Version
k8s.io/kubernetes	lt	1.27.2
k8s.io/kubernetes	lt	1.26.5
k8s.io/kubernetes	lt	1.25.10
k8s.io/kubernetes	lt	1.24.14

References

github.com/advisories/GHSA-xc8m-28vv-4pjc

github.com/kubernetes/kubernetes/issues/118690

github.com/kubernetes/kubernetes/pull/117020

github.com/kubernetes/kubernetes/pull/117116

github.com/kubernetes/kubernetes/pull/117117

github.com/kubernetes/kubernetes/pull/117118

github.com/kubernetes/kubernetes/pull/117147

groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10

lists.fedoraproject.org/archives/list/[email protected]/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/

lists.fedoraproject.org/archives/list/[email protected]/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/

nvd.nist.gov/vuln/detail/CVE-2023-2431

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for GHSA-XC8M-28VV-4PJC