GHSA-xc8m-28vv-4pjc

Suggest an improvement
Source
https://github.com/advisories/GHSA-xc8m-28vv-4pjc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-xc8m-28vv-4pjc/GHSA-xc8m-28vv-4pjc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xc8m-28vv-4pjc
Aliases
Published
2023-06-16T09:30:24Z
Modified
2023-11-08T04:11:44.373513Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Kubelet vulnerable to bypass of seccomp profile enforcement
Details

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

References

Affected packages

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.14

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.25.0
Fixed
1.25.10

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.26.0
Fixed
1.26.5

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.27.0
Fixed
1.27.2