CVE-2023-2727
MEDIUM
kubernetes <1.24.14, 1.27.0-1.27.3 - ImagePolicyWebhook Bypass via Ephemeral Containers
Title source: llm
Description
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
References (4)
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/07/06/2
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230803-0004/
Mailing List
https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
Issue Tracking
https://github.com/kubernetes/kubernetes/issues/118640
Scores
CVSS v3
6.5
EPSS
0.0113
EPSS Percentile
62.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (2)
k8s.io/kubernetes
1.27.0 - 1.27.3 (Go)
kubernetes/kubernetes
< 1.24.14
Published
Jul 03, 2023
Tracked Since
Feb 18, 2026