PT-2024-3763 · Unknown+4 · Kubernetes+3

Tha3E1Vl · Published 2024-04-16 · Updated 2026-01-12 · CVE-2024-3177

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kubernetes (affected versions not specified)

Description

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
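
An audit for the condition in the description, added here as an example and not taken from the advisory or from Kubernetes code: it lists `envFrom` secret references in containers, init containers and ephemeral containers that fall outside the service account's `secrets` field when the annotation is set. The function name, the sample objects and their names (`app-sa`, `demo`, the secret names) are constructed for illustration, and the annotation value `"true"` is assumed to be what enables the policy.

```python
ANNOTATION = "kubernetes.io/enforce-mountable-secrets"
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def envfrom_violations(pod, service_accounts):
    """List (field, container, secret) for envFrom secretRefs not in the SA's secrets."""
    ns = pod["metadata"].get("namespace", "default")
    sa_name = pod["spec"].get("serviceAccountName") or "default"
    sa = service_accounts.get((ns, sa_name))
    if sa is None:
        return []
    if (sa["metadata"].get("annotations") or {}).get(ANNOTATION) != "true":
        return []  # assumption: only the value "true" enables the policy
    allowed = {s["name"] for s in sa.get("secrets") or [] if "name" in s}
    found = []
    for field in CONTAINER_FIELDS:
        for container in pod["spec"].get(field) or []:
            for source in container.get("envFrom") or []:
                # configMapRef entries have no secretRef and are skipped
                name = (source.get("secretRef") or {}).get("name")
                if name and name not in allowed:
                    found.append((field, container["name"], name))
    return found

# Constructed sample objects, shaped like items from `kubectl get ... -o json`.
SAMPLE_SA = {
    "metadata": {"name": "app-sa", "namespace": "demo",
                 "annotations": {ANNOTATION: "true"}},
    "secrets": [{"name": "app-db"}],
}
SAMPLE_POD = {
    "metadata": {"name": "web-0", "namespace": "demo"},
    "spec": {
        "serviceAccountName": "app-sa",
        "containers": [{"name": "web", "envFrom": [
            {"secretRef": {"name": "app-db"}},
            {"configMapRef": {"name": "web-config"}}]}],
        "initContainers": [{"name": "init", "envFrom": [
            {"secretRef": {"name": "other-team-token"}}]}],
        "ephemeralContainers": [{"name": "debug", "envFrom": [
            {"secretRef": {"name": "admin-creds"}}]}],
    },
}
SERVICE_ACCOUNTS = {("demo", "app-sa"): SAMPLE_SA}

if __name__ == "__main__":
    for field, container, secret in envfrom_violations(SAMPLE_POD, SERVICE_ACCOUNTS):
        print(f"{field}/{container}: envFrom secret '{secret}' not in app-sa secrets")
```

Any row it reports on a cluster that relies on the annotation is a pod whose environment was populated from a secret the service account is not listed as allowed to reference.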

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2024-8465
ALT-PU-2024-8466
ALT-PU-2024-8546
ALT-PU-2024-8547
ALT-PU-2024-8810
ALT-PU-2024-8811
AZL-40016
AZL-40051
BDU:2024-04110
CVE-2024-3177
ECHO-8513-5439-68DE
GHSA-PXHW-596R-RWQ5
GO-2024-2746
MGASA-2024-0389
OESA-2024-1550
OESA-2024-1576
OESA-2024-1577
OESA-2024-1579
OESA-2024-1580
OESA-2024-1626
OPENSUSE-SU-2024_1403-1
OPENSUSE-SU-2024_1404-1
OPENSUSE-SU-2024_3341-1
OPENSUSE-SU-2024_3343-1
RHSA-2024:0043
RHSA-2024:2054
SUSE-SU-2024:1403-1
SUSE-SU-2024:1404-1
SUSE-SU-2024:3341-1
SUSE-SU-2024:3343-1
SUSE-SU-2024_1403-1
SUSE-SU-2024_1404-1
SUSE-SU-2025:02423-1
SUSE-SU-2025:02423-2
SUSE-SU-2025_02423-2

Affected Products

Alt Linux
Kubernetes
Red Os
Suse