vulnerability

Red Hat OpenShift: CVE-2023-0229: openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Jan 26, 2023	Mar 13, 2023	Apr 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Jan 26, 2023

Added

Mar 13, 2023

Modified

Apr 14, 2025

Description

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

Solution(s)

linuxrpm-upgrade-microshiftlinuxrpm-upgrade-openshift

References

CVE-2023-0229
https://attackerkb.com/topics/CVE-2023-0229
REDHAT-RHSA-2023:1325

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today