| id: GO-2023-1891 |
| modules: |
| - module: k8s.io/kubernetes |
| versions: |
| - fixed: 1.24.15 |
| - introduced: 1.25.0 |
| - fixed: 1.25.11 |
| - introduced: 1.26.0 |
| - fixed: 1.26.6 |
| - introduced: 1.27.0 |
| - fixed: 1.27.3 |
| vulnerable_at: 1.27.2 |
| summary: Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes |
| cves: |
| - CVE-2023-2727 |
| ghsas: |
| - GHSA-qc2g-gmh6-95p4 |
| references: |
| - advisory: https://github.com/advisories/GHSA-qc2g-gmh6-95p4 |
| - web: http://www.openwall.com/lists/oss-security/2023/07/06/2 |
| - web: https://github.com/kubernetes/kubernetes/issues/118640 |
| - web: https://github.com/kubernetes/kubernetes/pull/118356 |
| - web: https://github.com/kubernetes/kubernetes/pull/118471 |
| - web: https://github.com/kubernetes/kubernetes/pull/118473 |
| - web: https://github.com/kubernetes/kubernetes/pull/118474 |
| - web: https://github.com/kubernetes/kubernetes/pull/118512 |
| - web: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 |
| source: |
| id: GHSA-qc2g-gmh6-95p4 |
| created: 2024-08-20T11:50:27.307179-04:00 |
| review_status: REVIEWED |
| unexcluded: NOT_IMPORTABLE |
