mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 12:50:22 +02:00
67b0ef4256
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers, Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kuberenetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountab'le-secrets` annotation are used teogether with ephemeralcontainers. CVE: CVE-2023-2727, CVE-2023-2728 Affected Versions 1.27.0 - v1.27.2 v1.26.0 - v1.26.5 v1.25.0 - v1.25.10 <= v1.24.14 master branch(kubernetes v1.28.2) is not impacted mickledore branch(kubernetes v1.27.5) is not impacted References: https://nvd.nist.gov/vuln/detail/CVE-2023-2727 https://nvd.nist.gov/vuln/detail/CVE-2023-2728 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|---|---|---|
| .. | ||
| buildah | ||
| catatonit | ||
| cgroup-lite | ||
| conmon | ||
| container-host-config | ||
| containerd | ||
| cri-o | ||
| cri-tools | ||
| criu | ||
| crun | ||
| docker | ||
| docker-compose | ||
| docker-distribution | ||
| go-digest | ||
| go-errors | ||
| go-spf13-cobra | ||
| go-spf13-pflag | ||
| k3s | ||
| kubernetes | ||
| lxc | ||
| lxcfs | ||
| nerdctl | ||
| oci-image-spec | ||
| oci-image-tools | ||
| oci-runtime-spec | ||
| oci-runtime-tools | ||
| oci-systemd-hook | ||
| podman | ||
| podman-compose | ||
| podman-tui | ||
| riddler | ||
| runc | ||
| singularity | ||
| skopeo | ||
| sloci-image | ||
| tini | ||
| umoci | ||