data/reports/GO-2023-1892.yaml

id: GO-2023-1892
modules:
    - module: k8s.io/kubernetes
      versions:
        - fixed: 1.24.15
        - introduced: 1.25.0
        - fixed: 1.25.11
        - introduced: 1.26.0
        - fixed: 1.26.6
        - introduced: 1.27.0
        - fixed: 1.27.3
      vulnerable_at: 1.27.2
summary: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
cves:
    - CVE-2023-2728
ghsas:
    - GHSA-cgcv-5272-97pr
references:
    - advisory: https://github.com/advisories/GHSA-cgcv-5272-97pr
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-2728
    - web: http://www.openwall.com/lists/oss-security/2023/07/06/3
    - web: https://github.com/kubernetes/kubernetes/issues/118640
    - web: https://github.com/kubernetes/kubernetes/pull/118356
    - web: https://github.com/kubernetes/kubernetes/pull/118471
    - web: https://github.com/kubernetes/kubernetes/pull/118473
    - web: https://github.com/kubernetes/kubernetes/pull/118474
    - web: https://github.com/kubernetes/kubernetes/pull/118512
    - web: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
source:
    id: GHSA-cgcv-5272-97pr
    created: 2024-08-20T11:50:36.829643-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE