VYPR

rpm package

suse/kubernetes1.23&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

pkg:rpm/suse/kubernetes1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Vulnerabilities (5)

  • CVE-2023-2728Jul 3, 2023
    affected < 1.23.17-150300.7.9.1fixed 1.23.17-150300.7.9.1

    Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s se

  • CVE-2023-2727Jul 3, 2023
    affected < 1.23.17-150300.7.9.1fixed 1.23.17-150300.7.9.1

    Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

  • CVE-2021-25749May 24, 2023
    affected < 1.23.17-150300.7.6.1fixed 1.23.17-150300.7.6.1

    Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

  • CVE-2022-3294Mar 1, 2023
    affected < 1.23.17-150300.7.6.1fixed 1.23.17-150300.7.6.1

    Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint

  • CVE-2022-3162Mar 1, 2023
    affected < 1.23.17-150300.7.6.1fixed 1.23.17-150300.7.6.1

    Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomRes