CVE-2023-2727
MEDIUM 6.5 | EPSS 0.19%
Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
Published: 2023/7/3 | Modified: 2026/4/28
Description
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Affected packages (3)
- Debian/kubernetes: from 0, < 1.20.5+really1.20.2-1
- Go/k8s.io/kubernetes: >= 1.27.0, < 1.27.3
- Go/k8s.io/kubernetes: from 0, < 1.24.15, >= 1.25.0, < 1.25.11, >= 1.26.0, < 1.26.6, >= 1.27.0, < 1.27.3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
References (13)
- ADVISORY: https://github.com/advisories/GHSA-qc2g-gmh6-95p4
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-2727
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2023-2727
- PATCH: https://github.com/kubernetes/kubernetes
- WEB: https://github.com/kubernetes/kubernetes/issues/118640
- WEB: https://github.com/kubernetes/kubernetes/pull/118356
- WEB: https://github.com/kubernetes/kubernetes/pull/118471
- WEB: https://github.com/kubernetes/kubernetes/pull/118473
- WEB: https://github.com/kubernetes/kubernetes/pull/118474
- WEB: https://github.com/kubernetes/kubernetes/pull/118512
- WEB: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
- WEB: https://security.netapp.com/advisory/ntap-20230803-0004
- WEB: http://www.openwall.com/lists/oss-security/2023/07/06/2