← back
CVE-2023-2431

Bypass of seccomp profile enforcement

CVSS 3.4 LOWEPSS 0.3%CWE-1287
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Affected products
Kubernetes · Kubernetes

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/kubernetes/kubernetes/issues/118690https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/