PT-2023-3118 · Unknown+3 · Kubernetes+2

Rita Zhang +1 · Published 2023-06-15 · Updated 2025-08-08 · CVE-2023-2727

CVSS v2.0: 7.7 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Kubernetes (affected versions not specified)

Description: The policies of the ImagePolicyWebhook admission plugin can be bypassed when ephemeral containers are used in Kubernetes clusters. This could allow a remote attacker to circumvent existing security restrictions when launching containers. The vulnerability is associated with the use of the ImagePolicyWebhook admission plugin together with ephemeral containers.

Recommendations: As a temporary workaround, consider disabling the use of ephemeral containers with the ImagePolicyWebhook admission plugin until a patch is available. Restrict access to the ImagePolicyWebhook admission plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2023-4364
ALT-PU-2023-4397
ALT-PU-2023-4458
BDU:2023-03213
CVE-2023-2727
GHSA-QC2G-GMH6-95P4
GO-2023-1891
OESA-2023-1413
OESA-2023-1414
OESA-2023-1415
OESA-2023-1416
OPENSUSE-SU-2023_3260-1
OPENSUSE-SU-2024:13003-1
OPENSUSE-SU-2024:13004-1
OPENSUSE-SU-2024_3341-1
OPENSUSE-SU-2024_3343-1
OPENSUSE-SU-2025:15424-1
RHSA-2023:5008
RHSA-2023:5009
ROSA-SA-2024-2405
SUSE-SU-2023:2541-1
SUSE-SU-2023:2542-1
SUSE-SU-2023:2543-1
SUSE-SU-2023:2544-1
SUSE-SU-2023:3260-1
SUSE-SU-2023_2541-1
SUSE-SU-2023_2542-1
SUSE-SU-2023_2543-1
SUSE-SU-2023_2544-1
SUSE-SU-2023_3260-1
SUSE-SU-2024:3341-1
SUSE-SU-2024:3343-1

Affected products

Alt Linux
Kubernetes
Suse