6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
5.9 Medium
AI Score
Confidence
High
4.7 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:M/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
29.1%
software: kubernetes 1.25.15
WASP: ROSA-CHROME
package_evr_string: kubernetes-1.25.15-1
CVE-ID: CVE-2023-2431
BDU-ID: 2023-03899
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation of a specified input data type. Exploitation of the vulnerability could allow an attacker to configure certain modules to run in “unrestricted mode”
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update kubernetes
CVE-ID: CVE-2023-2727
BDU-ID: 2023-03213
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Kubernetes virtual machine cluster management software tool is related to the ability to bypass the policies of the ImagePolicyWebhook admission module. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions when running containers
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update kubernetes
CVE-ID: CVE-2023-2728
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Users may be able to run containers to bypass the mounted secrets policy enforced by the ServiceAccount admission plug-in when using ephemeral containers. The policy ensures that modules running ServiceAccount can only reference the secrets specified in the ServiceAccount secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used in conjunction with ephemeral containers.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update kubernetes
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ROSA | any | noarch | kubernetes | < 1.25.15 | UNKNOWN |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
5.9 Medium
AI Score
Confidence
High
4.7 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:M/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
29.1%