CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
9.6%
A security issue was discovered in Kubernetes where users may be able to
launch containers that bypass the mountable secrets policy enforced by the
ServiceAccount admission plugin when using containers, init containers, and
ephemeral containers with the envFrom field populated. The policy ensures
pods running with a service account may only reference secrets specified in
the service accountโs secrets field. Kubernetes clusters are only affected
if the ServiceAccount admission plugin and the
kubernetes.io/enforce-mountable-secrets annotation are used together with
containers, init containers, and ephemeral containers with the envFrom
field populated.
Author | Note |
---|---|
leosilva | kubernates is in fact a kubernetes installer that calls snap, not the package it self. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | kubernetes | <ย any | UNKNOWN |
ubuntu | 22.04 | noarch | kubernetes | <ย any | UNKNOWN |
ubuntu | 24.04 | noarch | kubernetes | <ย any | UNKNOWN |