Main Vulnerability Database Vulnerabilities #VU77525

Permissions, Privileges, and Access Controls in apiserver - CVE-2023-2727

Published: June 19, 2023

Vulnerability identifier: #VU77525

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-2727

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
apiserver

Software vendor:
Kubernetes

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions. A remote user can launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers.

Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

Remediation

Install updates from vendor's website.

External links

https://groups.google.com/a/kubernetes.io/g/dev/c/sBNyUMzDXSk/m/D6wP8ZowAAAJ?pli=1

Permissions, Privileges, and Access Controls in apiserver - CVE-2023-2727

Description

Remediation

External links

Please verify you're human