PT-2023-3118 · Unknown+3 · Kubernetes+2

Rita Zhang +1 · Published 2023-06-15 · Updated 2025-08-08 · CVE-2023-2727

CVSS v2.0: 7.7 High

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Kubernetes (affected versions not specified)

Description: The issue is related to the possibility of bypassing the ImagePolicyWebhook admission plugin's policies when using ephemeral containers in Kubernetes clusters. This could allow a remote attacker to circumvent existing security restrictions when launching containers. The vulnerability is associated with the use of the ImagePolicyWebhook admission plugin together with ephemeral containers.

Recommendations: As a temporary workaround, consider disabling the use of ephemeral containers with the ImagePolicyWebhook admission plugin until a patch is available. Restrict access to the ImagePolicyWebhook admission plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2023-4364
ALT-PU-2023-4397
ALT-PU-2023-4458
BDU:2023-03213
CVE-2023-2727
GHSA-QC2G-GMH6-95P4
GO-2023-1891
OESA-2023-1413
OESA-2023-1414
OESA-2023-1415
OESA-2023-1416
OPENSUSE-SU-2023_3260-1
OPENSUSE-SU-2024:13003-1
OPENSUSE-SU-2024:13004-1
OPENSUSE-SU-2024_3341-1
OPENSUSE-SU-2024_3343-1
OPENSUSE-SU-2025:15424-1
RHSA-2023:5008
RHSA-2023:5009
ROSA-SA-2024-2405
SUSE-SU-2023:2541-1
SUSE-SU-2023:2542-1
SUSE-SU-2023:2543-1
SUSE-SU-2023:2544-1
SUSE-SU-2023:3260-1
SUSE-SU-2023_2541-1
SUSE-SU-2023_2542-1
SUSE-SU-2023_2543-1
SUSE-SU-2023_2544-1
SUSE-SU-2023_3260-1
SUSE-SU-2024:3341-1
SUSE-SU-2024:3343-1

Affected Products

Alt Linux
Kubernetes
Suse