Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDA8611847288C05A7264E4C53FD2B73B2F80C3932151AF9808A29840AD5747E0
HistoryAug 08, 2024 - 3:28 p.m.

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to k8s.io/kubernetes ( CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676 )

2024-08-0815:28:15
www.ibm.com
7
ibm cloud pak for data
k8s.io/kubernetes
vulnerability
cve-2023-2728
cve-2023-2727
cve-2023-5408
openshift kubernetes
cve-2023-3955
cve-2023-3676
security bulletin

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

60.7%

JSON

Summary

k8s.io/kubernetes is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676.

Vulnerability Details

CVEID:CVE-2023-2728
**DESCRIPTION:**Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with ephemeral containers. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the mountable secrets policy to launch containers.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2023-2727
**DESCRIPTION:**Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when the ImagePolicyWebhook admission plugin is used together with ephemeral containers. By sending a specially crafted request, an attacker could exploit this vulnerability to launch restricted containers.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2023-5408
**DESCRIPTION:**OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the node restriction admission plugin. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270452 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2023-3955
**DESCRIPTION:**Kubernetes could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation on Windows nodes. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain admin privileges.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264230 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-3676
**DESCRIPTION:**Kubernetes could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation on Windows nodes. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain admin privileges.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264233 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)|**Version(s)
**
—|—
IBM Cloud Pak for Data| 4.0.0-4.8.4

Remediation/Fixes

IBM****strongly recommends addressing the vulnerability now.

Product(s)

|

Version(s) number and/or range

|

Remediation/Fix/Instructions

—|—|—

IBM Cloud Pak for Data

|

4.0.0-4.8.4

|

Download 4.8.5 and follow instructions

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_dataMatch4.8.5
VendorProductVersionCPE
ibmcloud_pak_for_data4.8.5cpe:2.3:a:ibm:cloud_pak_for_data:4.8.5:*:*:*:*:*:*:*

Related

fedora 2
nessus 20
oraclelinux 6
openvas 5
redhat 11
ibm 3
rosalinux 1
thn 1
osv 51
prion 5
redhatcve 5
veracode 4
ubuntucve 2
github 4
wolfi 2
debiancve 4
nvd 5
cgr 4
cbl_mariner 2
cvelist 5
cve 5
alpinelinux 1
githubexploit 1
photon 4
fedora
fedora
[SECURITY] Fedora 39 Update: kubernetes-1.27.5-1.fc39
2023-09-15 19:02:03
[SECURITY] Fedora 38 Update: kubernetes-1.26.8-1.fc38
2023-09-02 01:16:23
nessus
nessus
Fedora 39 : kubernetes (2023-8f8ddb2428)
2023-11-07 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.23 (SUSE-SU-2023:2543-1)
2023-06-20 00:00:00
Oracle Linux 8 : kubernetes (ELSA-2023-12561)
2023-07-03 00:00:00
oraclelinux
oraclelinux
kubernetes security update
2023-07-03 00:00:00
olcne security update
2023-07-03 00:00:00
kubernetes security update
2023-07-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for kubernetes1.24 (SUSE-SU-2023:3260-1)
2024-03-04 00:00:00
Fedora: Security Advisory for kubernetes (FEDORA-2023-a3fcc0751f)
2023-09-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2542-1)
2023-06-19 00:00:00
redhat
redhat
(RHSA-2023:4780) Important: Red Hat OpenShift support for Windows Containers 6.0.2 security update
2023-08-28 17:50:58
(RHSA-2023:4835) Important: Red Hat OpenShift support for Windows Containers 5.1.2 security update
2023-08-29 08:31:21
(RHSA-2023:4777) Important: Red Hat OpenShift support for Windows Containers 7.1.1 security update
2023-08-28 15:24:14
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2023-2728)
2023-07-13 13:54:19
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2023-5408)
2024-02-05 11:44:30
Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.
2024-05-11 16:54:01
rosalinux
rosalinux
Advisory ROSA-SA-2024-2405
2024-04-23 12:01:14
thn
thn
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
2023-09-13 14:05:00
osv
osv
CGA-xh7c-m4vq-qg86
2024-06-06 12:29:59
CGA-qv9r-w22w-39xx
2024-06-06 12:29:10
CGA-cwxq-5jvf-67wx
2024-06-06 12:26:58
prion
prion
Security feature bypass
2023-10-31 21:15:00
Authentication flaw
2023-07-03 21:15:00
Privilege escalation
2023-11-02 03:15:00
redhatcve
redhatcve
CVE-2023-2727
2023-06-15 05:45:57
CVE-2023-3676
2023-08-23 13:49:53
CVE-2023-2728
2023-06-15 05:46:06
veracode
veracode
Policy Bypass
2023-07-06 09:42:19
Privilege Escalation
2023-11-01 05:52:49
Policy Bypass
2023-07-06 10:13:19
ubuntucve
ubuntucve
CVE-2023-2727
2023-07-03 00:00:00
CVE-2023-2728
2023-07-03 00:00:00
github
github
kube-apiserver vulnerable to policy bypass
2023-07-03 21:30:57
Kubernetes privilege escalation vulnerability
2023-10-31 21:32:35
Kubernetes mountable secrets policy bypass
2023-07-03 21:30:57
wolfi
wolfi
CVE-2023-2727 vulnerabilities
2024-09-16 09:11:41
CVE-2023-3955 vulnerabilities
2024-09-16 09:11:41
debiancve
debiancve
CVE-2023-3676
2023-10-31 21:15:08
CVE-2023-2727
2023-07-03 21:15:09
CVE-2023-3955
2023-10-31 21:15:08
nvd
nvd
CVE-2023-3955
2023-10-31 21:15:08
CVE-2023-2727
2023-07-03 21:15:09
CVE-2023-5408
2023-11-02 03:15:10
cgr
cgr
CVE-2023-3676 vulnerabilities
2024-05-19 03:07:16
CVE-2023-2727 vulnerabilities
2024-05-19 03:07:16
CVE-2023-2728 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2023-5408 affecting package kubernetes for versions less than 1.28.4-5
2024-04-10 21:48:40
CVE-2023-5408 affecting package kubernetes for versions less than 1.29.1-2
2024-03-19 17:21:46
cvelist
cvelist
CVE-2023-2727 Bypassing policies imposed by the ImagePolicyWebhook admission plugin
2023-07-03 20:05:04
CVE-2023-5408 Openshift: modification of node role labels
2023-11-02 02:55:58
CVE-2023-3955 Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
2023-10-31 20:36:54
cve
cve
CVE-2023-2727
2023-07-03 21:15:09
CVE-2023-3955
2023-10-31 21:15:08
CVE-2023-5408
2023-11-02 03:15:10
alpinelinux
alpinelinux
CVE-2023-2728
2023-07-03 21:15:09
githubexploit
githubexploit
Exploit for Improper Input Validation in Kubernetes
2024-09-05 15:30:51
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0631
2023-08-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0427
2023-07-14 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0043
2023-07-04 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

60.7%

JSON
Related for DA8611847288C05A7264E4C53FD2B73B2F80C3932151AF9808A29840AD5747E0
fedora2nessus20oraclelinux6openvas5redhat11ibm3rosalinux1thn1osv51prion5redhatcve5veracode4ubuntucve2github4wolfi2debiancve4nvd5cgr4cbl_mariner2cvelist5cve5alpinelinux1githubexploit1photon4