Bugzilla – Bug 1212493
VUL-0: CVE-2023-2431: kubernetes1.24,kubernetes1.23: Bypass of seccomp profile enforcement
Last modified: 2023-06-28 16:30:19 UTC
CVE-2023-2431

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use the localhost type for the seccomp profile but specify an empty profile field are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode.

This bug affects Kubelet.

References:
https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10
https://github.com/kubernetes/kubernetes/issues/118690
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2431
https://bugzilla.redhat.com/show_bug.cgi?id=2215555
https://www.cve.org/CVERecord?id=CVE-2023-2431
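The condition described above is visible in the pod spec itself: `seccompProfile.type: Localhost` together with a missing or empty `localhostProfile`. The following scanner is an added example, not code from this bug report or from the Kubernetes project. It walks `kubectl get pods -o json` style output and flags every container whose effective seccomp profile hits that condition, taking into account that a container-level `securityContext.seccompProfile` overrides the pod-level one. The three pod objects embedded below are constructed sample input.

```python
"""Flag Pod specs whose seccomp settings match the CVE-2023-2431 pattern.

Added example (not part of the bug report or of Kubernetes). On unfixed
kubelets, `seccompProfile.type: Localhost` with an empty `localhostProfile`
runs the container unconfined instead of failing the pod.
"""
import json
from typing import List, Optional, Tuple


def check_profile(profile: Optional[dict]) -> Optional[str]:
    """Return a finding for one seccompProfile dict, or None if it is sound."""
    if profile is None or profile.get("type") != "Localhost":
        return None  # Unconfined/RuntimeDefault are explicit choices, not this bug
    localhost_profile = profile.get("localhostProfile")
    if localhost_profile is None:
        return "type Localhost without localhostProfile"
    if localhost_profile.strip() == "":
        return "type Localhost with empty localhostProfile (unconfined on unfixed kubelet)"
    return None


def scan_pod(pod: dict) -> List[Tuple[str, str]]:
    """Return (scope, reason) for each container whose effective profile is suspect.

    Kubernetes semantics: a container-level seccompProfile, when set, replaces
    the pod-level one; otherwise the container inherits the pod-level setting.
    """
    meta = pod.get("metadata", {})
    pod_name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    spec = pod.get("spec", {})
    pod_reason = check_profile((spec.get("securityContext") or {}).get("seccompProfile"))

    findings = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(kind, []):
            own_profile = (container.get("securityContext") or {}).get("seccompProfile")
            reason = check_profile(own_profile) if own_profile is not None else pod_reason
            if reason:
                findings.append((f"{pod_name}:{container['name']}", reason))
    return findings


def scan_document(doc: dict) -> List[Tuple[str, str]]:
    """Accept either a single Pod or a PodList (what `kubectl get pods -o json` emits)."""
    pods = doc.get("items", []) if doc.get("kind") == "PodList" else [doc]
    return [f for pod in pods for f in scan_pod(pod)]


# Constructed sample input: one vulnerable pod, one sound pod, one mixed pod.
VULNERABLE_POD = {
    "kind": "Pod", "metadata": {"name": "bypass", "namespace": "dev"},
    "spec": {
        "securityContext": {"seccompProfile": {"type": "Localhost", "localhostProfile": ""}},
        "containers": [{"name": "app", "image": "busybox"}],
    },
}
SOUND_POD = {
    "kind": "Pod", "metadata": {"name": "ok", "namespace": "dev"},
    "spec": {
        "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app", "image": "busybox",
            "securityContext": {"seccompProfile": {"type": "Localhost",
                                                   "localhostProfile": "profiles/audit.json"}},
        }],
    },
}
MIXED_POD = {
    "kind": "Pod", "metadata": {"name": "mixed", "namespace": "prod"},
    "spec": {
        "securityContext": {"seccompProfile": {"type": "Localhost",
                                               "localhostProfile": "profiles/strict.json"}},
        "containers": [
            {"name": "main", "image": "app"},
            {"name": "sidecar", "image": "proxy",
             "securityContext": {"seccompProfile": {"type": "Localhost"}}},
        ],
    },
}
SAMPLE_PODLIST = {"kind": "PodList", "items": [VULNERABLE_POD, SOUND_POD, MIXED_POD]}

if __name__ == "__main__":
    for scope, reason in scan_document(json.loads(json.dumps(SAMPLE_PODLIST))):
        print(f"{scope}: {reason}")
```

In practice the input comes from `kubectl get pods -A -o json`; the scanner only reads the spec, so it also works on manifests before they are applied. It deliberately does not report `Unconfined` or `RuntimeDefault` profiles, which are explicit operator choices rather than this bug.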
It appears that kubernetes1.2{3,4} has no official maintainer. Priyanka, feel free to reassign if you find a better fit.

Affected:
- SUSE:SLE-15-SP5:Update/kubernetes1.23
- SUSE:SLE-15-SP5:Update/kubernetes1.24
Thanks for pointing that out, Thomas. I'll raise fix SRs.
Both of the following SRs are accepted now.

SLE-15-SP5 / kubernetes1.24 - https://build.suse.de/request/show/301662
SLE-15-SP5 / kubernetes1.23 - https://build.suse.de/request/show/301703
SUSE-SU-2023:2691-1: An update that solves one vulnerability can now be installed.

Category: security (low)
Bug References: 1212493
CVE References: CVE-2023-2431
Sources used:
openSUSE Leap 15.5 (src): kubernetes1.23-1.23.17-150500.3.6.1
Containers Module 15-SP5 (src): kubernetes1.23-1.23.17-150500.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.