Vulnerability Description
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | < 1.24.14 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- https://github.com/kubernetes/kubernetes/issues/118690Issue Tracking
- https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10Mailing List
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://github.com/kubernetes/kubernetes/issues/118690Issue Tracking
- https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10Mailing List
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://github.com/kubernetes/kubernetes/issues/118690Issue Tracking
FAQ
What is CVE-2023-2431?
CVE-2023-2431 is a vulnerability with a CVSS score of 3.4 (LOW). A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected...
How severe is CVE-2023-2431?
CVE-2023-2431 has been rated LOW with a CVSS base score of 3.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2431?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Kubernetes, Fedoraproject Fedora.