CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
k8s.io/kubernetes is vulnerable to a seccomp profile enforcement bypass. The vulnerability exists because the library does not properly define the localhost seccomp profile type, which allows an attacker to bypass seccomp profile enforcement by passing an empty profile.
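An added audit example (not code from the Kubernetes project or this advisory): it scans a Pod manifest in JSON form for the condition described above, a `seccompProfile` of type `Localhost` whose `localhostProfile` is missing or empty. The struct shapes, function names and sample manifest are assumptions made for illustration, and only the `securityContext.seccompProfile` fields are checked.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumed minimal shapes (not the k8s.io/api types); encoding/json matches camelCase keys case-insensitively.
type seccomp struct{ Type string; LocalhostProfile *string }
type secCtx struct{ SeccompProfile *seccomp }
type container struct{ Name string; SecurityContext *secCtx }
type podSpec struct {
	SecurityContext                                 *secCtx
	InitContainers, Containers, EphemeralContainers []container
}

// emptyLocalhost: type is Localhost but localhostProfile is missing or "".
func emptyLocalhost(sc *secCtx) bool {
	if sc == nil || sc.SeccompProfile == nil || sc.SeccompProfile.Type != "Localhost" {
		return false
	}
	p := sc.SeccompProfile.LocalhostProfile
	return p == nil || *p == ""
}

// FindEmptyLocalhostSeccomp lists where a Pod manifest (JSON) has that setting.
func FindEmptyLocalhostSeccomp(manifest []byte) (hits []string, err error) {
	var p struct{ Spec podSpec }
	if err = json.Unmarshal(manifest, &p); err != nil {
		return nil, err
	}
	if emptyLocalhost(p.Spec.SecurityContext) {
		hits = append(hits, "pod")
	}
	all := append(append(p.Spec.InitContainers, p.Spec.Containers...), p.Spec.EphemeralContainers...)
	for _, c := range all {
		if emptyLocalhost(c.SecurityContext) {
			hits = append(hits, "container/"+c.Name)
		}
	}
	return hits, nil
}

// Constructed sample: the pod-level profile is empty, "sidecar" omits it, "app" names one.
const samplePod = `{"spec":{"securityContext":{"seccompProfile":{"type":"Localhost","localhostProfile":""}},"containers":[
 {"name":"app","securityContext":{"seccompProfile":{"type":"Localhost","localhostProfile":"profiles/audit.json"}}},
 {"name":"sidecar","securityContext":{"seccompProfile":{"type":"Localhost"}}}]}}`

func main() {
	fmt.Println(FindEmptyLocalhostSeccomp([]byte(samplePod)))
}
```

A hit at `pod` applies to every container that does not set its own `seccompProfile`.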
github.com/advisories/GHSA-xc8m-28vv-4pjc
github.com/kubernetes/kubernetes/commit/3d3686b9cf0c85f23898aa828b9a19f52b76324f
github.com/kubernetes/kubernetes/commit/604ad21799c43d87456cc76d3e591487de0a5152
github.com/kubernetes/kubernetes/commit/73174f870735251e7d4240cdc36983d1bef7db5f
github.com/kubernetes/kubernetes/commit/951f8dcc965edba88b6a3940017918df6900704a
github.com/kubernetes/kubernetes/commit/fb31b19f37f4c07854891482d25bbc181a65f1f5
github.com/kubernetes/kubernetes/issues/118690
groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10
lists.fedoraproject.org/archives/list/[email protected]/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/
lists.fedoraproject.org/archives/list/[email protected]/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/