Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-2431

CVE-2023-2431

June 16, 2023

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

Related Resources (16)

https://github.com/kubernetes/kubernetes/pull/117020

https://github.com/advisories/GHSA-xc8m-28vv-4pjc

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/

https://github.com/kubernetes/kubernetes/pull/117147

https://pkg.go.dev/vuln/GO-2023-1864

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/

https://github.com/kubernetes/kubernetes/issues/118690

https://nvd.nist.gov/vuln/detail/CVE-2023-2431

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G

https://github.com/kubernetes/kubernetes/pull/117118

https://github.com/kubernetes/kubernetes/pull/117116