PT-2023-3615 · Kubelet+2

Craig Ingram +1 · Published 2023-06-15 · Updated 2026-02-07 · CVE-2023-2431

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Kubelet (affected versions not specified)

Description

A security issue was discovered in Kubelet that allows pods to bypass seccomp profile enforcement. Pods that use the localhost type for their seccomp profile but specify an empty profile field are affected by this issue, which allows the pod to run in unconfined (seccomp disabled) mode. The issue is related to insufficient input validation, which can be exploited to configure certain modules to work in an unconfined mode.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
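
The condition in the description (localhost type with an empty profile field) can be audited in existing workloads. The following is an added example, not code from the advisory or from the Kubernetes project: it assumes pod objects in the JSON form returned by `kubectl get pods -A -o json`, uses the Pod API fields `securityContext.seccompProfile.type` and `localhostProfile`, and runs over a constructed sample list.

```python
import json

# Constructed sample: a `kubectl get pods -o json`-style List with three pods.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Pod", "metadata": {"namespace": "demo", "name": "empty-pod-level"},
  "spec": {"securityContext": {"seccompProfile": {"type": "Localhost", "localhostProfile": ""}},
           "containers": [{"name": "app"}]}},
 {"kind": "Pod", "metadata": {"namespace": "demo", "name": "missing-on-container"},
  "spec": {"containers": [{"name": "app", "securityContext": {"seccompProfile": {"type": "Localhost"}}}],
           "initContainers": [{"name": "init", "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}}]}},
 {"kind": "Pod", "metadata": {"namespace": "demo", "name": "ok"},
  "spec": {"securityContext": {"seccompProfile": {"type": "Localhost", "localhostProfile": "profiles/audit.json"}},
           "containers": [{"name": "app"}]}}
]}
""")

def _is_empty_localhost(security_context):
    """True when seccompProfile.type is Localhost but no profile path is set."""
    profile = (security_context or {}).get("seccompProfile") or {}
    if profile.get("type") != "Localhost":
        return False
    return not (profile.get("localhostProfile") or "").strip()

def find_empty_localhost_profiles(pod):
    """Return the field paths in one Pod object that match the pattern described above."""
    spec = pod.get("spec") or {}
    hits = []
    if _is_empty_localhost(spec.get("securityContext")):
        hits.append("spec.securityContext.seccompProfile")
    for field in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            if _is_empty_localhost(c.get("securityContext")):
                hits.append(f"spec.{field}[{c.get('name')}].securityContext.seccompProfile")
    return hits

def audit(pod_list):
    """Map namespace/name -> offending paths for every flagged pod in a List."""
    report = {}
    for pod in pod_list.get("items") or []:
        meta = pod.get("metadata") or {}
        hits = find_empty_localhost_profiles(pod)
        if hits:
            report[f"{meta.get('namespace')}/{meta.get('name')}"] = hits
    return report

if __name__ == "__main__":
    for pod, paths in audit(SAMPLE).items():
        print(pod, "->", ", ".join(paths))
```

Pods flagged by this check should be given an explicit profile path or switched to another profile type, since per the description they may be running with seccomp disabled.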

Related Identifiers

ALT-PU-2023-4364
ALT-PU-2023-4397
ALT-PU-2023-4458
BDU:2023-03899
CVE-2023-2431
GHSA-XC8M-28VV-4PJC
GO-2023-1864
OESA-2023-1413
OESA-2023-1414
OESA-2023-1415
OESA-2023-1416
OPENSUSE-SU-2024:13013-1
OPENSUSE-SU-2025:15424-1
ROSA-SA-2024-2405
SUSE-SU-2023:2691-1
SUSE-SU-2023_2691-1
SUSE-SU-2025:02423-1
SUSE-SU-2025:02423-2
SUSE-SU-2025_02423-2

Affected Products

Alt Linux
Kubelet
Suse