Main Vulnerability Database Vulnerabilities #VU77525

Permissions, Privileges, and Access Controls in apiserver - CVE-2023-2727

Published: June 19, 2023

Vulnerability identifier: #VU77525

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-2727

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Kubernetes

Affected software:
apiserver

Detailed vulnerability description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions. A remote user can launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers.

Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

How to mitigate CVE-2023-2727

Install updates from vendor's website.

Sources

https://groups.google.com/a/kubernetes.io/g/dev/c/sBNyUMzDXSk/m/D6wP8ZowAAAJ?pli=1

Permissions, Privileges, and Access Controls in apiserver - CVE-2023-2727

Detailed vulnerability description

How to mitigate CVE-2023-2727

Sources

Please verify you're human