Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-2728

Опубликовано: 03 июл. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with ephemeral containers.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

DNE

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

kinetic

ignored

end of life, was needs-triage
lunar

ignored

end of life, was needs-triage
mantic

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 87%
0.03248
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-2728

CVSS3: 6.5
redhat
около 2 лет назад

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

nvd логотип

CVE-2023-2728

CVSS3: 6.5
nvd
почти 2 года назад

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

debian логотип

CVE-2023-2728

CVSS3: 6.5
debian
почти 2 года назад

Users may be able to launch containers that bypass the mountable secre ...

github логотип

GHSA-cgcv-5272-97pr

CVSS3: 6.5
github
почти 2 года назад

Kubernetes mountable secrets policy bypass

suse-cvrf логотип

SUSE-SU-2023:3260-1

suse-cvrf
почти 2 года назад

Security update for kubernetes1.24

EPSS

Процентиль: 87%
0.03248
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2023-2728