Home > Vulnerability Database > CVE-2023-2431

Mend.io Vulnerability Database

CVE-2023-2431

Good to know:

Date: June 16, 2023

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

Language: Go

Severity Score

5.5

Related Resources (7)

Url: https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2431

Url: https://github.com/kubernetes/kubernetes/issues/118690

Url: https://access.redhat.com/security/cve/CVE-2023-2431

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/

Url: https://www.mend.io/vulnerability-database/CVE-2023-2431

Severity Score

5.5

Top Fix

Upgrade Version

Upgrade to version v1.24.14,v1.25.9,v1.26.4,v1.27.1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2431

Good to know:

Date: June 16, 2023

Language: Go

Severity Score

Related Resources (7)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?