
144 matches found

Tenable Nessus
added 2023/08/11 12:0 a.m., 33 views

SUSE SLES15: kubernetes1.24-client / kubernetes1.24-client-bash-completion / etc (SUSE-SU-2023:3260-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3260-1 advisory. Update to version 1.24.16: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 7

Veracode
added 2023/07/06 10:13 a.m., 27 views

Policy Bypass

github.com/kubernetes/kubernetes is vulnerable to Policy Bypass. The vulnerability exists in serviceaccount/admission.go, when ephemeral containers are used, which allows malicious users to start containers using restricted images, impacting the cluster if the ServiceAccount admission plugin is...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 13, Affected Software: 2

OSV
added 2023/07/03 9:30 p.m., 28 views

GHSA-CGCV-5272-97PR Kubernetes mountable secrets policy bypass

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.5, EPSS 0.02157
Exploits: 1, References: 11

Github Security Blog
added 2023/07/03 9:30 p.m., 35 views

Kubernetes mountable secrets policy bypass

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.5, EPSS 0.02157
Exploits: 1, References: 11, Affected Software: 1

NVD
added 2023/07/03 9:15 p.m., 22 views

CVE-2023-2728

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.6, EPSS 0.02157
Exploits: 1, References: 4

OSV
added 2023/07/03 9:15 p.m., 18 views

CVE-2023-2728

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.5
Exploits: 0, References: 4

Prion
added 2023/07/03 9:15 p.m., 23 views

Code injection

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 4.7, AI score 6.4, EPSS 0.02157
Exploits: 1, References: 4, Affected Software: 1

UbuntuCve
added 2023/07/03 9:15 p.m., 23 views

CVE-2023-2728

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 3

Debian CVE
added 2023/07/03 8:6 p.m., 20 views

CVE-2023-2728

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.3, EPSS 0.02157
Exploits: 1

CVE
added 2023/07/03 8:6 p.m., 2767 views

CVE-2023-2728

CVE-2023-2728 : The vulnerability allows containers to bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when ephemeral containers are used. Kubernetes clusters are affected only if both the ServiceAccount admission plugin and the annotation kubernetes.io/enforce...

CVSS 6.5, AI score 6.6, EPSS 0.02157
Exploits: 1, References: 4, Affected Software: 1

AlpineLinux
added 2023/07/03 8:6 p.m., 31 views

CVE-2023-2728

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.8, EPSS 0.02157
Exploits: 1

Cvelist
added 2023/07/03 8:6 p.m., 25 views

CVE-2023-2728 Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.8, EPSS 0.02157
Exploits: 1, References: 4

Vulnrichment
added 2023/07/03 8:6 p.m., 25 views

CVE-2023-2728 Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

CVSS 6.5, AI score 6.6, EPSS 0.02157
Exploits: 1, References: 4

Tenable Nessus
added 2023/07/03 12:0 a.m., 34 views

Oracle Linux 8 : kubernetes (ELSA-2023-12564)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12564 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - CVE-2023-27496 - CVE-2023-27488 - CVE-2023-27493 - CVE-2023-27492 - CVE-2023-27491 -...

CVSS 10, AI score 6.8, EPSS 0.02701
Exploits: 9, References: 3

Tenable Nessus
added 2023/07/03 12:0 a.m., 28 views

Oracle Linux 8 : kubernetes (ELSA-2023-12561)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12561 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.24.15 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 3

Tenable Nessus
added 2023/07/03 12:0 a.m., 31 views

Oracle Linux 7 : kubernetes (ELSA-2023-12562)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12562 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.24.15 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 3

Tenable Nessus
added 2023/07/03 12:0 a.m., 38 views

Oracle Linux 7 : kubernetes (ELSA-2023-12563)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12563 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - CVE-2023-27496 - CVE-2023-27488 - CVE-2023-27493 - CVE-2023-27492 - CVE-2023-27491 -...

CVSS 10, AI score 6.8, EPSS 0.02701
Exploits: 9, References: 3

Tenable Nessus
added 2023/07/03 12:0 a.m., 31 views

Oracle Linux 7 : olcne (ELSA-2023-25545)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-25545 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 3

Tenable Nessus
added 2023/07/03 12:0 a.m., 37 views

Oracle Linux 8 : olcne (ELSA-2023-25546)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-25546 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 3

Tenable Nessus
added 2023/06/20 12:0 a.m., 28 views

SUSE SLES15: kubernetes1.23-apiserver / kubernetes1.23-client / etc (SUSE-SU-2023:2543-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2543-1 advisory. - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. -...

CVSS 6.5, AI score 6.7, EPSS 0.02157
Exploits: 1, References: 7