Bug 2215555 (CVE-2023-2431)
Summary: | CVE-2023-2431 kubernetes: Bypass of seccomp profile enforcement | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | adudiak, akarol, amctagga, aveerama, bbuckingham, bcourt, cwelton, dfreiber, dhughes, dmetzger, dsimansk, dymurray, eglynn, ehelms, ellin, gmccullo, gtanzill, jburrell, jchaloup, jhardy, jjoyce, jkoehler, jmatthew, jsherril, kshier, lball, lhh, lzap, matzew, mburns, mgarciac, mhulan, muagarwa, myarboro, nbecker, nmoumoul, nobody, orabin, pcreech, pgrist, rchan, rhos-maint, rhuss, rjohnson, rogbas, roliveri, scorneli, shbose, simaishi, skontopo, smallamp, stcannon, tfister, ubhargav, vkumar, whayutin, yguenane |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Text: |
A flaw was found in Kubernetes. A local authenticated attacker can bypass security restrictions because of a flaw that occurs when a seccomp profile uses the localhost type but specifies an empty profile field. An attacker can bypass the seccomp profile enforcement by sending a specially crafted request.
|
Bug Depends On: | 2219241, 2215556, 2215559, 2215560, 2215561, 2219238, 2219239, 2219240, 2219242, 2219260 | ||
Bug Blocks: | 2215557 |
Description
Guilherme de Almeida Suckevicz
2023-06-16 13:59:30 UTC
Created kubernetes tracking bugs for this issue:

Affects: fedora-all [bug 2215556]

FEDORA-2023-c7f63322b5 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:6156 https://access.redhat.com/errata/RHSA-2023:6156
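
The condition named in the Doc Text (a seccomp profile of the localhost type with an empty profile field) can be looked for in pod specs. The following is an added example, not part of the original bug report or of Kubernetes itself: it scans a pod list in the JSON shape produced by `kubectl get pods -A -o json`, using the Kubernetes pod API fields `seccompProfile.type` and `seccompProfile.localhostProfile`. The sample pods and the function names are constructed for illustration.

```python
# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "team-a", "name": "web"},
     "spec": {"securityContext": {"seccompProfile":
                  {"type": "Localhost", "localhostProfile": ""}},
              "containers": [{"name": "app"}]}},
    {"metadata": {"namespace": "team-b", "name": "job"},
     "spec": {"containers": [{"name": "worker", "securityContext":
                  {"seccompProfile": {"type": "Localhost"}}}]}},
    {"metadata": {"namespace": "team-c", "name": "api"},
     "spec": {"securityContext": {"seccompProfile":
                  {"type": "Localhost", "localhostProfile": "profiles/audit.json"}},
              "containers": [{"name": "app", "securityContext":
                  {"seccompProfile": {"type": "RuntimeDefault"}}}]}},
]}


def _is_empty_localhost(sec_ctx):
    """True when a securityContext selects Localhost seccomp with no profile path."""
    profile = (sec_ctx or {}).get("seccompProfile") or {}
    if profile.get("type") != "Localhost":
        return False
    # Missing, null, empty and whitespace-only values all count as empty.
    return not (profile.get("localhostProfile") or "").strip()


def find_empty_localhost_profiles(pod_list):
    """Return (namespace, pod, scope) for each empty Localhost seccomp profile."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        # Pod-level securityContext applies to every container that does not override it.
        if _is_empty_localhost(spec.get("securityContext")):
            findings.append((ns, name, "pod"))
        # Container-level settings override the pod level, so check each one.
        for kind in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(kind) or []:
                if _is_empty_localhost(c.get("securityContext")):
                    findings.append((ns, name, f"{kind}/{c.get('name', '?')}"))
    return findings


if __name__ == "__main__":
    for ns, pod, scope in find_empty_localhost_profiles(SAMPLE):
        print(f"{ns}/{pod}: empty Localhost seccomp profile at {scope}")
```

To run it against a cluster export, load the saved JSON with `json.load` and pass the result to `find_empty_localhost_profiles`.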