vulnerability

SUSE: CVE-2023-2728: SUSE Linux Security Advisory

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:N)
Published
2023-06-19
Added
2023-06-20
Modified
2025-01-28

Description

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

Solution(s)

suse-upgrade-kubernetes1-18-clientsuse-upgrade-kubernetes1-18-client-commonsuse-upgrade-kubernetes1-23-apiserversuse-upgrade-kubernetes1-23-clientsuse-upgrade-kubernetes1-23-client-bash-completionsuse-upgrade-kubernetes1-23-client-commonsuse-upgrade-kubernetes1-23-client-fish-completionsuse-upgrade-kubernetes1-23-controller-managersuse-upgrade-kubernetes1-23-kubeadmsuse-upgrade-kubernetes1-23-kubeletsuse-upgrade-kubernetes1-23-kubelet-commonsuse-upgrade-kubernetes1-23-proxysuse-upgrade-kubernetes1-23-schedulersuse-upgrade-kubernetes1-24-apiserversuse-upgrade-kubernetes1-24-clientsuse-upgrade-kubernetes1-24-client-bash-completionsuse-upgrade-kubernetes1-24-client-commonsuse-upgrade-kubernetes1-24-client-fish-completionsuse-upgrade-kubernetes1-24-controller-managersuse-upgrade-kubernetes1-24-kubeadmsuse-upgrade-kubernetes1-24-kubeletsuse-upgrade-kubernetes1-24-kubelet-commonsuse-upgrade-kubernetes1-24-proxysuse-upgrade-kubernetes1-24-scheduler

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today