What is the severity of REDHAT-BUG-2215555?

The severity of REDHAT-BUG-2215555 is considered critical due to the potential for pods to bypass seccomp profile enforcement.

How do I fix REDHAT-BUG-2215555?

To fix REDHAT-BUG-2215555, update your Kubernetes Kubelet to a patched version that properly enforces seccomp profiles.

Which versions of Kubelet are affected by REDHAT-BUG-2215555?

All versions of Kubernetes Kubelet that allow pods to specify an empty seccomp profile field are affected by REDHAT-BUG-2215555.

What does REDHAT-BUG-2215555 allow attackers to do?

REDHAT-BUG-2215555 allows attackers to run pods in an unconfined security context, potentially exposing the host to security risks.

Is there a workaround for REDHAT-BUG-2215555?

A temporary workaround for REDHAT-BUG-2215555 is to avoid using empty seccomp profile fields in your pod specifications.

Vulnerability/
REDHAT-BUG-2215555

low

16/6/2023

3/9/2024

REDHAT-BUG-2215555

First published: Fri Jun 16 2023(Updated: )

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. References: <a href="https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10">https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10</a> <a href="https://github.com/kubernetes/kubernetes/issues/118690">https://github.com/kubernetes/kubernetes/issues/118690</a>

Affected Software	Affected Version	How to fix
Kubernetes Kubelet

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2215555?
The severity of REDHAT-BUG-2215555 is considered critical due to the potential for pods to bypass seccomp profile enforcement.
How do I fix REDHAT-BUG-2215555?
To fix REDHAT-BUG-2215555, update your Kubernetes Kubelet to a patched version that properly enforces seccomp profiles.
Which versions of Kubelet are affected by REDHAT-BUG-2215555?
All versions of Kubernetes Kubelet that allow pods to specify an empty seccomp profile field are affected by REDHAT-BUG-2215555.
What does REDHAT-BUG-2215555 allow attackers to do?
REDHAT-BUG-2215555 allows attackers to run pods in an unconfined security context, potentially exposing the host to security risks.
Is there a workaround for REDHAT-BUG-2215555?
A temporary workaround for REDHAT-BUG-2215555 is to avoid using empty seccomp profile fields in your pod specifications.

agent/type
agent/first-publish-date
agent/severity
agent/references
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-2431
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/kubernetes
canonical/kubernetes kubelet

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.