CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile: 45.1%
github.com/kubernetes/kubernetes is vulnerable to Policy Bypass. The vulnerability exists in serviceaccount/admission.go when ephemeral containers are used, and it allows malicious users to start containers using restricted images. The cluster is impacted if the ServiceAccount admission plugin is used together with the kubernetes.io/enforce-mountable-secrets annotation.
www.openwall.com/lists/oss-security/2023/07/06/3
access.redhat.com/security/cve/cve-2023-2728
github.com/kubernetes/kubernetes/commit/3a77d5a59f02546512e3e3d13486017b123124eb
github.com/kubernetes/kubernetes/commit/77a97cefad133342bada672c0fac827d622c19ce
github.com/kubernetes/kubernetes/commit/a813061f5a30687653c4a416cdb90aa155004b45
github.com/kubernetes/kubernetes/commit/f58aab87554bfd3c8894f422e353322df1659a97
github.com/kubernetes/kubernetes/issues/118640
github.com/kubernetes/kubernetes/pull/118471
github.com/kubernetes/kubernetes/pull/118473
github.com/kubernetes/kubernetes/pull/118474
github.com/kubernetes/kubernetes/pull/118512
groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
security.netapp.com/advisory/ntap-20230803-0004/