Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
CVE-2023-2728

6.5MEDIUM

Key Information:

Vendor: Kubernetes
Status: Kubernetes
Vendor: CVE Published:; 3 July 2023

What is CVE-2023-2728?

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with ephemeral containers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kubernetes v1.24.14

Kubernetes v1.25.0 - v1.25.10

Kubernetes v1.26.0 - v1.26.5

References

https://groups.google.com/g/kubernetes-security-announce/...

mailing-list

https://github.com/kubernetes/kubernetes/issues/118640

issue-tracking

http://www.openwall.com/lists/oss-security/2023/07/06/3

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2023
Vulnerability Reserved
May 16, 2023

Credit

Rita Zhang

JSON

Kubernetes

What is CVE-2023-2728?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.