CVE-2023-2431: Bypass of seccomp profile enforcement

3.4 CVSS

Description

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

Classification

CVE ID: CVE-2023-2431

CVSS Base Severity: LOW

CVSS Base Score: 3.4

Affected Products

Vendor: Kubernetes

Product: Kubernetes

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.26% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10
https://github.com/kubernetes/kubernetes/issues/118690
https://lists.fedoraproject.org/archives/list/[email protected]/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/
https://lists.fedoraproject.org/archives/list/[email protected]/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/

Timeline

2024-12-13 00:30:21 UTC
CVE

Bypass of seccomp profile enforcement