Bug 2274118 (CVE-2024-3177)
Summary: | CVE-2024-3177 kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bleanhar, ibodunov, joelsmith, security-response-team, vrutkovs |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Kubernetes 1.27.13, Kubernetes 1.28.9, Kubernetes 1.29.4 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. |
Bug Depends On: | 2275405 | ||
Bug Blocks: | 2274120 |
Description
TEJ RATHI
2024-04-09 08:15:37 UTC
Created golang-k8s-kubernetes tracking bugs for this issue:

Affects: fedora-38 [bug 2275405]

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:0043 https://access.redhat.com/errata/RHSA-2024:0043