CVE-2023-2727
MEDIUM severity · CVSS 6.5 · Improper input validation
6.5CVSS MEDIUM
Summary
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredHigh
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactNone
Exploit probability (EPSS)0%
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://www.openwall.com/lists/oss-security/2023/07/06/2Advisory
- https://github.com/kubernetes/kubernetes/issues/118640
- https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
- https://security.netapp.com/advisory/ntap-20230803-0004/
- http://www.openwall.com/lists/oss-security/2023/07/06/2Advisory
- https://github.com/kubernetes/kubernetes/issues/118640
- https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
- https://security.netapp.com/advisory/ntap-20230803-0004/