CVE-2023-2431
low-risk
Published 2023-06-16
A security issue was discovered in Kubelet that allows pods to bypass seccomp profile enforcement. Pods that use the Localhost seccomp profile type but leave the profile field empty are affected. In that scenario the pod runs unconfined (seccomp disabled). This bug affects Kubelet.
Do I need to act?
EPSS: 0.01% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 3.4/10 (Low): attack vector LOCAL / LOW complexity
Affected Products (2)
Affected Vendors
References (9)
Issue Tracking
https://github.com/kubernetes/kubernetes/issues/118690
Risk score: 20 / 100 (low-risk)
Severity: 13/34 · Low
Exploitability: 0/34 · Minimal
Exposure: 7/34 · Low