CVE-2023-0229 — Improper Input Validation in Openshift Apiserver-library-go

CWE-20 — Improper Input Validation12 documents6 sources

Severity

6.3MEDIUMNVD

EPSS

0.1%

top 72.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Openshift Apiserver-library-go Redhat Openshift

Timeline

PublishedJan 26

Latest updateFeb 1

Description

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

▶Gogithub.com/openshift_apiserver-library-go< 0.0.0-20230119093715-30f75d79e424+1

▶CVEListV5github.com/openshift_apiserver-library-goopenshift/apiserver-library-go 4.11

▶NVDredhat/openshift4.11, 4.12+1

🔴Vulnerability Details

OSV

xorg-server, xwayland regression↗2024-02-01

▶

OSV

xorg-server, xwayland regression↗2024-01-30

▶

OSV

xorg-server vulnerabilities↗2024-01-22

▶

OSV

xorg-server, xwayland vulnerabilities↗2024-01-16

▶

OSV

Improper input validation in github.com/openshift/apiserver-library-go↗2023-02-16

▶

📋Vendor Advisories

BSD

OpenBSD 7.4 Errata 012: SECURITY FIX↗2024-01-16

▶

BSD

OpenBSD 7.3 Errata 025: SECURITY FIX↗2024-01-16

▶

Red Hat

openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions↗2023-01-12

▶