发布时间: 2023年7月8日
修改时间: 2024年10月31日
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Local | Local |
| CVSS评分 | 5.5 | 5.5 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1494 | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | 2023年7月4日 |
| KylinSec-SA-2023-1502 | kubernetes security update | 2023年7月8日 |
| KylinSec-SA-2023-1503 | kubernetes security update | 2023年7月8日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.5.2 | kubernetes | Fixed |
| KY3.4-5A | kubernetes | Fixed |
| KY3.5.1 | kubernetes | Fixed |
