CVE-2023-2727

Bypassing policies imposed by the ImagePolicyWebhook admission plugin

CVSS 6.5 MEDIUMEPSS 1.1%CWE-20

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 1.1%KEV nãoPoC —Patch —

Lifecycle

03 Jul 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected products

Kubernetes · Kubernetes

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/kubernetes/kubernetes/issues/118640 https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 https://security.netapp.com/advisory/ntap-20230803-0004/http://www.openwall.com/lists/oss-security/2023/07/06/2