data/reports/GO-2023-1891.yaml

id: GO-2023-1891
modules:
    - module: k8s.io/kubernetes
      versions:
        - fixed: 1.24.15
        - introduced: 1.25.0
        - fixed: 1.25.11
        - introduced: 1.26.0
        - fixed: 1.26.6
        - introduced: 1.27.0
        - fixed: 1.27.3
      vulnerable_at: 1.27.2
summary: kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
cves:
    - CVE-2023-2727
ghsas:
    - GHSA-qc2g-gmh6-95p4
references:
    - advisory: https://github.com/advisories/GHSA-qc2g-gmh6-95p4
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-2727
    - web: http://www.openwall.com/lists/oss-security/2023/07/06/2
    - web: https://github.com/kubernetes/kubernetes/issues/118640
    - web: https://github.com/kubernetes/kubernetes/pull/118356
    - web: https://github.com/kubernetes/kubernetes/pull/118471
    - web: https://github.com/kubernetes/kubernetes/pull/118473
    - web: https://github.com/kubernetes/kubernetes/pull/118474
    - web: https://github.com/kubernetes/kubernetes/pull/118512
    - web: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
source:
    id: GHSA-qc2g-gmh6-95p4
    created: 2024-08-20T11:50:27.307179-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE