CVE-2023-0229 - Vulnerability Details - OpenCVE

ReportizFlow

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift:4.11:::::::*
	cpe:2.3:a:redhat:openshift:4.12:::::::*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.12
microshift-0:4.12.6-202303012057.p0.g50997a2.assembly.4.12.6.el8	cpe:/a:redhat:openshift:4.12::el8	RHBA-2023:1037	2023-03-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift-0:4.13.0-202304211155.p0.gb404935.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1325	2023-05-18T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2160349
https://github.com/advisories/GHSA-5465-xc2j-6p84
https://nvd.nist.gov/vuln/detail/CVE-2023-0229
https://www.cve.org/CVERecord?id=CVE-2023-0229

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-01-25T00:00:00

Updated: 2024-08-02T05:02:44.191Z

Reserved: 2023-01-12T00:00:00

Link: CVE-2023-0229

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-26T21:18:06.900

Modified: 2024-11-21T07:36:47.110

Link: CVE-2023-0229

Redhat

Severity : Moderate

Publid Date: 2023-01-12T00:00:00Z

Links: CVE-2023-0229 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "275413B5-6C5D-4125-9396-0DAE614887E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE29F1-AE5C-4B2D-9C28-68D10F2DFCB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en github.com/openshift/apiserver-library-go, utilizado en OpenShift 4.12 y 4.11. Dicho fallo puede permitir a los usuarios con pocos privilegios configurar el perfil seccomp para los pods que controlan en \"unconfined\". De forma predeterminada, el perfil seccomp utilizado en la restricci\u00f3n de contexto (restricted-v2 Security Context Constraint, SCC) es \"runtime/default\", lo que permite a los usuarios deshabilitar seccomp para los pods que pueden crear y modificar."}], "id": "CVE-2023-0229", "lastModified": "2024-11-21T07:36:47.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-01-26T21:18:06.900", "references": [{"source": "[email protected]", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2023:1037", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "microshift-0:4.12.6-202303012057.p0.g50997a2.assembly.4.12.6.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:1325", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-0:4.13.0-202304211155.p0.gb404935.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-18T00:00:00Z"}], "bugzilla": {"description": "openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions", "id": "2160349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify.", "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify."], "name": "CVE-2023-0229", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-apiserver-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0229\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0229\nhttps://github.com/advisories/GHSA-5465-xc2j-6p84"], "statement": "This flaw does not affect OpenShift versions 4.10 and earlier.", "threat_severity": "Moderate"}