CVE-2023-2727: Improper Input Validation in Kubernetes

Severity
6.5 MEDIUM (NVD)
EPSS
0.2%
top 59.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 3
Latest update: Aug 20

Description

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.2 | Impact: 5.2

Affected Packages (4 packages)

Go | k8s.io/kubernetes | 1.27.0 | 1.27.3 | +3
Debian | kubernetes/kubernetes | < 1.20.5+really1.20.2-1 | +3
CVEListV5 | kubernetes/kubernetes | v1.24.14<= | +3
NVD | kubernetes/kubernetes | 1.25.0 | 1.25.10 | +3

🔴 Vulnerability Details (5)

OSV
Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes (2024-08-20)
GHSA
kube-apiserver vulnerable to policy bypass (2023-07-03)
OSV
kube-apiserver vulnerable to policy bypass (2023-07-03)
CVEList
Bypassing policies imposed by the ImagePolicyWebhook admission plugin (2023-07-03)
OSV
CVE-2023-2727: Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers (2023-07-03)

📋 Vendor Advisories (2)

Red Hat
kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin (2023-06-15)
Debian
CVE-2023-2727: kubernetes - Users may be able to launch containers using images that are restricted by Image... (2023)