CVE-2023-2727
Bypassing policies imposed by the ImagePolicyWebhook admission plugin
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
*Credits:
Stanislav Láznička
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-16 CVE Reserved
- 2023-07-03 CVE Published
- 2025-02-13 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-554: Functionality Bypass
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2023/07/06/2 | Mailing List |
|
| https://github.com/kubernetes/kubernetes/issues/118640 | Issue Tracking | |
| https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 | Mailing List | |
| https://security.netapp.com/advisory/ntap-20230803-0004 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-2727 | 2023-10-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2211322 | 2023-10-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | <= 1.24.14 Search vendor "Kubernetes" for product "Kubernetes" and version " <= 1.24.14" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.25.0 <= 1.25.10 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.25.0 <= 1.25.10" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.26.0 <= 1.26.5 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.26.0 <= 1.26.5" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.27.0 <= 1.27.2 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.27.0 <= 1.27.2" | - |
Affected
| ||||||