Google Git
Sign in
go / vulndb / 629ed536694dc1d7f9a0d2dfd5d89d28c94e2186 / . / data / reports / GO-2023-1892.yaml
blob: 0fa65e67f200bc2b8bb49374d74d17a270504608 [file] [log] [blame]
id: GO-2023-1892
modules:
- module: k8s.io/kubernetes
versions:
- fixed: 1.24.15
- introduced: 1.25.0
- fixed: 1.25.11
- introduced: 1.26.0
- fixed: 1.26.6
- introduced: 1.27.0
- fixed: 1.27.3
vulnerable_at: 1.27.2
summary: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
cves:
- CVE-2023-2728
ghsas:
- GHSA-cgcv-5272-97pr
references:
- advisory: https://github.com/advisories/GHSA-cgcv-5272-97pr
- web: http://www.openwall.com/lists/oss-security/2023/07/06/3
- web: https://github.com/kubernetes/kubernetes/issues/118640
- web: https://github.com/kubernetes/kubernetes/pull/118356
- web: https://github.com/kubernetes/kubernetes/pull/118471
- web: https://github.com/kubernetes/kubernetes/pull/118473
- web: https://github.com/kubernetes/kubernetes/pull/118474
- web: https://github.com/kubernetes/kubernetes/pull/118512
- web: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
source:
id: GHSA-cgcv-5272-97pr
created: 2024-08-20T11:50:36.829643-04:00
review_status: REVIEWED
unexcluded: NOT_IMPORTABLE