Kubernetes — открытое программное обеспечение для оркестровки контейнеризированных приложений — автоматизации их развёртывания, масштабирования и координации в условиях кластера.
Релизный цикл, информация об уязвимостях
График релизов
Количество 318
CVE-2023-2727
Users may be able to launch containers using images that are restricte ...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
CVE-2023-2728
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
SUSE-SU-2023:2691-1
Security update for kubernetes1.23
BDU:2023-03305
Уязвимость компонента GCP Provider инструмента автоматизированной системы обеспечения kOps программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю повысить свои привилегии
GHSA-xc8m-28vv-4pjc
Kubelet vulnerable to bypass of seccomp profile enforcement
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass ...
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2023-2727 Users may be able to launch containers using images that are restricte ... | CVSS3: 6.5 | 0% Низкий | почти 2 года назад |
 | CVE-2023-2727 Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | CVSS3: 6.5 | 0% Низкий | почти 2 года назад |
| CVE-2023-2728 Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | CVSS3: 6.5 | 3% Низкий | почти 2 года назад |
 | SUSE-SU-2023:2691-1 Security update for kubernetes1.23 | 0% Низкий | почти 2 года назад | |
 | BDU:2023-03305 Уязвимость компонента GCP Provider инструмента автоматизированной системы обеспечения kOps программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю повысить свои привилегии | CVSS3: 8 | 0% Низкий | почти 2 года назад |
| GHSA-xc8m-28vv-4pjc Kubelet vulnerable to bypass of seccomp profile enforcement | CVSS3: 4.4 | 0% Низкий | около 2 лет назад |
 | CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | CVSS3: 3.4 | 0% Низкий | около 2 лет назад |
| CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass ... | CVSS3: 3.4 | 0% Низкий | около 2 лет назад |
| CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | CVSS3: 3.4 | 0% Низкий | около 2 лет назад |
 | CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | CVSS3: 3.4 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу