CVE-2023-2727

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2727
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2727.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2727
Aliases
Related
Published
2023-07-03T21:15:09Z
Modified
2025-03-29T06:05:27.583362Z
Downstream
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

References

Affected packages

Debian:11 / kubernetes

Package

Name
kubernetes
Purl
pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name
kubernetes
Purl
pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kubernetes

Package

Name
kubernetes
Purl
pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kubernetes/kubelet

Affected versions

v1.*

v1.25.0
v1.25.1
v1.25.1-rc.0
v1.25.10
v1.25.2
v1.25.2-rc.0
v1.25.3
v1.25.3-rc.0
v1.25.4
v1.25.4-rc.0
v1.25.5
v1.25.5-rc.0
v1.25.6
v1.25.6-rc.0
v1.25.7
v1.25.7-rc.0
v1.25.8
v1.25.8-rc.0
v1.25.9
v1.26.0
v1.26.1
v1.26.1-rc.0
v1.26.2
v1.26.2-rc.0
v1.26.3
v1.26.3-rc.0
v1.26.4
v1.26.5
v1.27.0
v1.27.1
v1.27.2