CVE-2023-2431 - OpenCVE

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Kubernetes	Kubernetes
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/118690	Issue Tracking
https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/	Mailing List

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published: 2023-06-16T07:08:33.476Z

Updated: 2023-06-16T07:15:37.445Z

Reserved: 2023-04-30T22:44:39.597Z

Link: CVE-2023-2431

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-16T08:15:08.770

Modified: 2023-07-01T06:15:10.603

Link: CVE-2023-2431

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2431", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2023-04-30T22:44:39.597Z", "datePublished": "2023-06-16T07:08:33.476Z", "dateUpdated": "2023-06-16T07:15:37.445Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2023-06-16T07:15:37.445Z"}, "title": "Bypass of seccomp profile enforcement", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "type": "CWE"}]}], "affected": [{"vendor": "Kubernetes", "product": "Kubernetes", "repo": "https://github.com/kubernetes/kubernetes/", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.24.14", "versionType": "kubelet v1.24"}, {"status": "affected", "version": "v1.25.0", "lessThan": "v1.25.9", "versionType": "kubelet v1.25"}, {"status": "affected", "version": "v1.26.0", "lessThan": "v1.26.4", "versionType": "kubelet v1.26"}, {"status": "affected", "version": "v1.27.0", "lessThan": "v1.27.1", "versionType": "kubelet v1.27"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet."}], "references": [{"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10"}, {"url": "https://github.com/kubernetes/kubernetes/issues/118690"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "To mitigate these vulnerabilities, upgrade Kubelet: https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/ https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/"}], "credits": [{"lang": "en", "value": "Tim Allclair", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}, {"lang": "en", "value": "Craig Ingram", "user": "00000000-0000-4000-9000-000000000000", "type": "remediation developer"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "59A9CBF2-B94B-4311-AE41-6CEA2DA7E24B", "versionEndExcluding": "1.24.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2D70178-BDE0-430B-8446-0A93FB2323FB", "versionEndExcluding": "1.25.10", "versionStartIncluding": "1.25.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "D02A28B2-70E6-4B48-9D58-39525AD66C20", "versionEndExcluding": "1.26.5", "versionStartIncluding": "1.26.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C04A62B-D3F5-4E63-819A-0A8868F34643", "versionEndExcluding": "1.27.2", "versionStartIncluding": "1.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet."}], "id": "CVE-2023-2431", "lastModified": "2023-07-01T06:15:10.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2023-06-16T08:15:08.770", "references": [{"source": "jordan@liggitt.net", "tags": ["Issue Tracking"], "url": "https://github.com/kubernetes/kubernetes/issues/118690"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10"}, {"source": "jordan@liggitt.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1287"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}