VDB
GO-2023-1892
GO-2023-1892
PUBLISHED
Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| k8s.io | kubernetes | 0, 1.25.0, 1.27.0 |
Timeline
- Aug 20, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/advisories/GHSA-cgcv-5272-97pr advisory
- http://www.openwall.com/lists/oss-security/2023/07/06/3 url
- https://github.com/kubernetes/kubernetes/issues/118640 url
- https://github.com/kubernetes/kubernetes/pull/118356 url
- https://github.com/kubernetes/kubernetes/pull/118471 url
- https://github.com/kubernetes/kubernetes/pull/118473 url
- https://github.com/kubernetes/kubernetes/pull/118474 url
- https://github.com/kubernetes/kubernetes/pull/118512 url
- https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 url