Описание
kube-apiserver vulnerable to policy bypass
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-2727
- https://github.com/kubernetes/kubernetes/issues/118640
- https://github.com/kubernetes/kubernetes/pull/118356
- https://github.com/kubernetes/kubernetes/pull/118471
- https://github.com/kubernetes/kubernetes/pull/118473
- https://github.com/kubernetes/kubernetes/pull/118474
- https://github.com/kubernetes/kubernetes/pull/118512
- https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
- https://security.netapp.com/advisory/ntap-20230803-0004
- http://www.openwall.com/lists/oss-security/2023/07/06/2
Пакеты
k8s.io/kubernetes
>= 1.27.0, < 1.27.3
1.27.3
k8s.io/kubernetes
>= 1.26.0, < 1.26.6
1.26.6
k8s.io/kubernetes
>= 1.25.0, < 1.25.11
1.25.11
k8s.io/kubernetes
< 1.24.15
1.24.15
Связанные уязвимости
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Users may be able to launch containers using images that are restricte ...
Уязвимость программного средства управления кластерами виртуальных машин Kubernetes, связанная с возможностью обхода политик модуля допуска ImagePolicyWebhook, позволяющая нарушителю обойти существующие ограничения безопасности при запуске контейнеров