Red Hat OpenShift: CVE-2023-2727: kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:N) | Jul 3, 2023 | Nov 1, 2023 | Aug 11, 2025 |
Description
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Solutions
- linuxrpm-upgrade-buildah
- linuxrpm-upgrade-butane
- linuxrpm-upgrade-catch
- linuxrpm-upgrade-conmon
- linuxrpm-upgrade-container-selinux
- linuxrpm-upgrade-containernetworking-plugins
- linuxrpm-upgrade-containers-common
- linuxrpm-upgrade-coreos-installer
- linuxrpm-upgrade-cri-o
- linuxrpm-upgrade-cri-tools
- linuxrpm-upgrade-crun
- linuxrpm-upgrade-crun-wasm
- linuxrpm-upgrade-fmt
- linuxrpm-upgrade-golang-github-prometheus-promu
- linuxrpm-upgrade-google-benchmark
- linuxrpm-upgrade-gtest
- linuxrpm-upgrade-haproxy
- linuxrpm-upgrade-ignition
- linuxrpm-upgrade-kata-containers
- linuxrpm-upgrade-kernel
- linuxrpm-upgrade-kernel-rt
- linuxrpm-upgrade-microshift
- linuxrpm-upgrade-nmstate
- linuxrpm-upgrade-openshift
- linuxrpm-upgrade-openshift-ansible
- linuxrpm-upgrade-openshift-clients
- linuxrpm-upgrade-openshift-kuryr
- linuxrpm-upgrade-openshift4-aws-iso
- linuxrpm-upgrade-openstack-ironic
- linuxrpm-upgrade-openstack-ironic-inspector
- linuxrpm-upgrade-openstack-ironic-python-agent
- linuxrpm-upgrade-ovn23-09
- linuxrpm-upgrade-podman
- linuxrpm-upgrade-python-automaton
- linuxrpm-upgrade-python-cinderclient
- linuxrpm-upgrade-python-cliff
- linuxrpm-upgrade-python-debtcollector
- linuxrpm-upgrade-python-decorator
- linuxrpm-upgrade-python-dracclient
- linuxrpm-upgrade-python-fixtures
- linuxrpm-upgrade-python-futurist
- linuxrpm-upgrade-python-glanceclient
- linuxrpm-upgrade-python-hardware
- linuxrpm-upgrade-python-ironic-lib
- linuxrpm-upgrade-python-ironic-prometheus-exporter
- linuxrpm-upgrade-python-keystoneauth1
- linuxrpm-upgrade-python-keystoneclient
- linuxrpm-upgrade-python-keystonemiddleware
- linuxrpm-upgrade-python-openstacksdk
- linuxrpm-upgrade-python-os-service-types
- linuxrpm-upgrade-python-os-traits
- linuxrpm-upgrade-python-osc-lib
- linuxrpm-upgrade-python-oslo-cache
- linuxrpm-upgrade-python-oslo-concurrency
- linuxrpm-upgrade-python-oslo-config
- linuxrpm-upgrade-python-oslo-context
- linuxrpm-upgrade-python-oslo-db
- linuxrpm-upgrade-python-oslo-i18n
- linuxrpm-upgrade-python-oslo-log
- linuxrpm-upgrade-python-oslo-messaging
- linuxrpm-upgrade-python-oslo-middleware
- linuxrpm-upgrade-python-oslo-policy
- linuxrpm-upgrade-python-oslo-rootwrap
- linuxrpm-upgrade-python-oslo-serialization
- linuxrpm-upgrade-python-oslo-service
- linuxrpm-upgrade-python-oslo-upgradecheck
- linuxrpm-upgrade-python-oslo-utils
- linuxrpm-upgrade-python-oslo-versionedobjects
- linuxrpm-upgrade-python-osprofiler
- linuxrpm-upgrade-python-pbr
- linuxrpm-upgrade-python-proliantutils
- linuxrpm-upgrade-python-pycadf
- linuxrpm-upgrade-python-requestsexceptions
- linuxrpm-upgrade-python-scciclient
- linuxrpm-upgrade-python-stevedore
- linuxrpm-upgrade-python-sushy
- linuxrpm-upgrade-python-sushy-oem-idrac
- linuxrpm-upgrade-python-swiftclient
- linuxrpm-upgrade-python-tenacity
- linuxrpm-upgrade-python-tooz
- linuxrpm-upgrade-python-wrapt
- linuxrpm-upgrade-runc
- linuxrpm-upgrade-rust-afterburn
- linuxrpm-upgrade-skopeo
- linuxrpm-upgrade-spdlog
- linuxrpm-upgrade-toolbox
- linuxrpm-upgrade-wasmedge