Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
History

Mon, 25 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2023-07-03T20:06:11.796Z

Updated: 2024-11-25T17:03:07.860Z

Reserved: 2023-05-16T00:32:00.189Z

Link: CVE-2023-2728

cve-icon Vulnrichment

Updated: 2024-08-02T06:33:05.263Z

cve-icon NVD

Status : Modified

Published: 2023-07-03T21:15:09.557

Modified: 2024-11-21T07:59:10.813

Link: CVE-2023-2728

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-06-15T04:00:00Z

Links: CVE-2023-2728 - Bugzilla