PT-2023-21049 · Unknown+3 · Kubernetes+2

Rita Zhang · Published 2023-06-15 · Updated 2025-08-08 · CVE-2023-2728

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Kubernetes (affected versions not specified)

Description

The issue allows users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. This policy ensures that pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with ephemeral containers.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
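
An audit for the condition in the description, as an added example that is not part of the original advisory or of Kubernetes itself: it takes pod and ServiceAccount objects (as exported with `kubectl get -o json`) and reports ephemeral containers that reference secrets outside the service account's secrets field. The function names and sample objects are constructed; limiting the check to `env` and `envFrom` references and treating only the value "true" as enabling the annotation are assumptions of this example.

```python
ENFORCE = "kubernetes.io/enforce-mountable-secrets"

def secret_refs(container):
    """Names of secrets a container spec pulls in through env or envFrom."""
    refs = set()
    for var in container.get("env", []):
        ref = (var.get("valueFrom") or {}).get("secretKeyRef")
        if ref and ref.get("name"):
            refs.add(ref["name"])
    for src in container.get("envFrom", []):
        ref = src.get("secretRef")
        if ref and ref.get("name"):
            refs.add(ref["name"])
    return refs

def audit(pods, service_accounts):
    """Return (namespace, pod, container, secret) for every ephemeral-container
    secret reference that is not in the service account's secrets field."""
    allowed = {}
    for sa in service_accounts:
        meta = sa["metadata"]
        # Assumption: the policy is on only when the annotation is "true".
        if (meta.get("annotations") or {}).get(ENFORCE, "").lower() == "true":
            key = (meta.get("namespace", "default"), meta["name"])
            allowed[key] = {s["name"] for s in sa.get("secrets", [])}
    findings = []
    for pod in pods:
        meta, spec = pod["metadata"], pod.get("spec", {})
        ns = meta.get("namespace", "default")
        key = (ns, spec.get("serviceAccountName", "default"))
        if key not in allowed:
            continue  # policy not enforced for this service account
        for c in spec.get("ephemeralContainers", []):
            for name in sorted(secret_refs(c) - allowed[key]):
                findings.append((ns, meta["name"], c["name"], name))
    return findings

# Constructed sample objects, shaped like items from `kubectl get -o json`.
SAMPLE_SAS = [{"metadata": {"name": "app", "namespace": "prod",
                            "annotations": {ENFORCE: "true"}},
               "secrets": [{"name": "app-db"}]}]
SAMPLE_PODS = [{"metadata": {"name": "web-0", "namespace": "prod"},
                "spec": {"serviceAccountName": "app", "ephemeralContainers": [
                    {"name": "debug", "env": [
                        {"name": "A", "valueFrom": {"secretKeyRef": {"name": "app-db", "key": "pw"}}},
                        {"name": "B", "valueFrom": {"secretKeyRef": {"name": "billing-key", "key": "k"}}}],
                     "envFrom": [{"secretRef": {"name": "ops-token"}}]}]}}]

if __name__ == "__main__":
    print(*audit(SAMPLE_PODS, SAMPLE_SAS), sep="\n")
```

Any finding on a cluster that relies on the annotation is worth reviewing, since the policy is meant to prevent exactly that reference.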

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2023-4364
ALT-PU-2023-4397
ALT-PU-2023-4458
CVE-2023-2728
GHSA-CGCV-5272-97PR
GO-2023-1892
OESA-2023-1413
OESA-2023-1414
OESA-2023-1415
OESA-2023-1416
OPENSUSE-SU-2023_3260-1
OPENSUSE-SU-2024:13003-1
OPENSUSE-SU-2024:13011-1
OPENSUSE-SU-2024_3341-1
OPENSUSE-SU-2024_3343-1
OPENSUSE-SU-2025:15424-1
RHSA-2023:5008
RHSA-2023:5009
ROSA-SA-2024-2405
SUSE-SU-2023:2541-1
SUSE-SU-2023:2542-1
SUSE-SU-2023:2543-1
SUSE-SU-2023:2544-1
SUSE-SU-2023:3260-1
SUSE-SU-2024:3341-1
SUSE-SU-2024:3343-1

Affected Products

Alt Linux
Kubernetes
Suse