CVE-2023-2727
Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
Severity: MEDIUM (CVSS 3.1 base score 6.5); EPSS 0.19%
Description
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
How to fix CVE-2023-2727
To remediate CVE-2023-2727, upgrade the affected package to a fixed version below.
- upgrade to 1.20.5+really1.20.2-1 or later
- upgrade to 1.27.3 or later
- upgrade to 1.24.15 or later
Is CVE-2023-2727 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.20.5+really1.20.2-1
- >= 1.27.0, < 1.27.3
- < 1.24.15; >= 1.25.0, < 1.25.11; >= 1.26.0, < 1.26.6; >= 1.27.0, < 1.27.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |