CVE-2023-2431

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2431
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2431.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2431
Aliases
Related
Published
2023-06-16T08:15:08Z
Modified
2024-05-29T20:52:01Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

References

Affected packages

Git / github.com/kubernetes/kubelet

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/kubelet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed