Описание
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| kubernetes | fixed | 1.20.5+really1.20.2-1 | package |
Примечания
Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
https://github.com/kubernetes/kubernetes/issues/118640
EPSS
Связанные уязвимости
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Уязвимость программного средства управления кластерами виртуальных машин Kubernetes, связанная с возможностью обхода политик модуля допуска ImagePolicyWebhook, позволяющая нарушителю обойти существующие ограничения безопасности при запуске контейнеров
EPSS