CVE-2023-2728 - OpenCVE

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kubernetes	Kubernetes
Redhat	Openshift Openshift Ironic

Configuration 1 [-]

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.14
buildah-1:1.29.1-10.1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
butane-0:0.19.0-1.1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
catch-0:3.3.2-1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
conmon-3:2.1.7-3.1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
containernetworking-plugins-0:1.0.1-11.1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
containers-common-2:1-51.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
container-selinux-3:2.221.0-1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
coreos-installer-0:0.17.0-1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
cri-o-0:1.27.1-8.1.rhaos4.14.git3fecb83.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
cri-tools-0:1.27.0-2.1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
crun-0:1.9.2-1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
crun-wasm-0:1.8.5-3.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
fmt-0:9.1.0-1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
golang-github-prometheus-promu-0:0.15.0-15.1.gitd5383c5.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
google-benchmark-0:1.8.2-1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
gtest-0:1.13.0-1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
haproxy-0:2.6.13-1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
ignition-0:2.16.2-1.1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
kata-containers-0:3.1.3-4.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
kernel-0:5.14.0-284.36.1.el9_2	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
kernel-rt-0:5.14.0-284.36.1.rt14.321.el9_2	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
nmstate-0:2.2.12-1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-0:4.14.0-202310210404.p0.gf67aeb3.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift4-aws-iso-0:4.14.0-202309272140.p0.gd2acdd5.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-ansible-0:4.14.0-202310062327.p0.gf781421.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-clients-0:4.14.0-202310191146.p0.g0c63f9d.assembly.stream.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-kuryr-0:4.14.0-202309272140.p0.g8926a29.assembly.stream.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openstack-ironic-1:21.5.0-0.20231002130534.0df5961.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openstack-ironic-inspector-0:11.5.0-0.20230706175125.193aa0d.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
openstack-ironic-python-agent-0:9.5.0-0.20230728140546.fce0b8c.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
ovn23.09-0:23.09.0-37.el9fdp	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
podman-3:4.4.1-10.1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-automaton-0:3.1.0-0.20230608140652.a4f7631.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-cinderclient-0:9.3.0-0.20230608143053.f7a612e.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-cliff-0:4.3.0-0.20230608150702.72e81d7.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-debtcollector-0:2.5.0-0.20230308172820.a6b46c5.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-decorator-0:4.4.2-6.0.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-dracclient-0:8.0.0-0.20230308200614.9c7499c.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-fixtures-0:4.0.1-1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-futurist-0:2.4.1-0.20230308173923.159d752.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-glanceclient-1:4.3.0-0.20230608143056.52fb6b2.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-hardware-0:0.30.0-0.20230308190813.f6ff0ed.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-ironic-lib-0:5.4.1-0.20230706172632.25d8671.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-ironic-prometheus-exporter-0:4.1.1-0.20230614150617.7b35627.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-keystoneauth1-0:5.2.0-0.20230608152518.2e40bbf.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-keystoneclient-1:5.1.0-0.20230608141554.4763cd8.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-keystonemiddleware-0:10.3.0-0.20230608151410.92cdf8a.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-openstacksdk-0:1.2.0-0.20230608155226.b7ff031.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-osc-lib-0:2.8.0-0.20230608151456.db9cdc9.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-cache-0:3.4.0-0.20230608153448.a720016.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-concurrency-0:5.1.1-0.20230706190204.0af5942.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-config-2:9.1.1-0.20230608145954.515daab.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-context-0:5.1.1-0.20230608143931.7696282.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-db-0:12.3.1-0.20230608142355.b689b63.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-i18n-0:6.0.0-0.20230608140652.03605c2.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-log-0:5.2.0-0.20230608150750.16a8a42.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-messaging-0:14.3.1-0.20230608152013.0602d1a.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-middleware-0:5.1.1-0.20230608145931.7725ac9.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-policy-0:4.2.0-0.20230608153320.93129eb.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-rootwrap-0:7.0.1-0.20230608144658.b72372b.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-serialization-0:5.1.1-0.20230608144505.b4be3a4.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-service-0:3.1.1-0.20230608145222.b3ba591.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-upgradecheck-0:2.1.1-0.20230608143829.eeedfc9.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-utils-0:6.1.0-0.20230608142355.d49d594.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-versionedobjects-0:3.1.0-0.20230608141554.b4ea834.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-osprofiler-0:3.4.3-0.20230308173821.3286301.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-os-service-types-0:1.7.0-0.20230308170555.0b2f473.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-os-traits-0:3.0.0-0.20230608152745.cff125c.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-pbr-0:5.11.1-0.1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-proliantutils-0:2.14.1-0.20230608154738.3de2844.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-pycadf-0:3.1.1-0.20230308171749.4179996.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-requestsexceptions-0:1.4.0-0.20230308170555.d7ac0ff.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-scciclient-0:0.12.3-0.20230308201513.0940a71.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-stevedore-0:5.1.0-0.20230608154210.2d99ccc.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-sushy-0:4.5.0-0.20230719180619.146ed33.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-sushy-oem-idrac-0:5.0.0-0.20230308202122.da9a0e4.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-swiftclient-0:4.3.0-0.20230608151934.236c277.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-tenacity-0:6.3.1-1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-tooz-0:4.1.0-0.20230608154038.d5bf20c.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
python-wrapt-0:1.14.1-1.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
runc-4:1.1.9-2.1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
rust-afterburn-0:5.4.3-1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
skopeo-2:1.11.2-10.1.rhaos4.14.el8	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
spdlog-0:1.12.0-1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
toolbox-0:0.1.2-1.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
wasmedge-0:0.12.1-2.rhaos4.14.el9	cpe:/a:redhat:openshift:4.14::el8	RHSA-2023:5009	2023-10-31T00:00:00Z
microshift-0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9	cpe:/a:redhat:openshift:4.14::el9	RHSA-2023:5008	2023-10-31T00:00:00Z
buildah-1:1.29.1-10.1.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
butane-0:0.19.0-1.1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
catch-0:3.3.2-1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
conmon-3:2.1.7-3.1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
containernetworking-plugins-0:1.0.1-11.1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
containers-common-2:1-51.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
container-selinux-3:2.221.0-1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
coreos-installer-0:0.17.0-1.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
cri-o-0:1.27.1-8.1.rhaos4.14.git3fecb83.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
cri-tools-0:1.27.0-2.1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
crun-0:1.9.2-1.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
crun-wasm-0:1.8.5-3.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
fmt-0:9.1.0-1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
golang-github-prometheus-promu-0:0.15.0-15.1.gitd5383c5.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
google-benchmark-0:1.8.2-1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
gtest-0:1.13.0-1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
haproxy-0:2.6.13-1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
ignition-0:2.16.2-1.1.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
kata-containers-0:3.1.3-4.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
kernel-0:5.14.0-284.36.1.el9_2	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
kernel-rt-0:5.14.0-284.36.1.rt14.321.el9_2	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
nmstate-0:2.2.12-1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-0:4.14.0-202310210404.p0.gf67aeb3.assembly.stream.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift4-aws-iso-0:4.14.0-202309272140.p0.gd2acdd5.assembly.stream.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-ansible-0:4.14.0-202310062327.p0.gf781421.assembly.stream.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-clients-0:4.14.0-202310191146.p0.g0c63f9d.assembly.stream.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openshift-kuryr-0:4.14.0-202309272140.p0.g8926a29.assembly.stream.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openstack-ironic-1:21.5.0-0.20231002130534.0df5961.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openstack-ironic-inspector-0:11.5.0-0.20230706175125.193aa0d.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
openstack-ironic-python-agent-0:9.5.0-0.20230728140546.fce0b8c.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
ovn23.09-0:23.09.0-37.el9fdp	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
podman-3:4.4.1-10.1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-automaton-0:3.1.0-0.20230608140652.a4f7631.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-cinderclient-0:9.3.0-0.20230608143053.f7a612e.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-cliff-0:4.3.0-0.20230608150702.72e81d7.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-debtcollector-0:2.5.0-0.20230308172820.a6b46c5.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-decorator-0:4.4.2-6.0.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-dracclient-0:8.0.0-0.20230308200614.9c7499c.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-fixtures-0:4.0.1-1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-futurist-0:2.4.1-0.20230308173923.159d752.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-glanceclient-1:4.3.0-0.20230608143056.52fb6b2.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-hardware-0:0.30.0-0.20230308190813.f6ff0ed.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-ironic-lib-0:5.4.1-0.20230706172632.25d8671.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-ironic-prometheus-exporter-0:4.1.1-0.20230614150617.7b35627.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-keystoneauth1-0:5.2.0-0.20230608152518.2e40bbf.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-keystoneclient-1:5.1.0-0.20230608141554.4763cd8.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-keystonemiddleware-0:10.3.0-0.20230608151410.92cdf8a.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-openstacksdk-0:1.2.0-0.20230608155226.b7ff031.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-osc-lib-0:2.8.0-0.20230608151456.db9cdc9.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-cache-0:3.4.0-0.20230608153448.a720016.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-concurrency-0:5.1.1-0.20230706190204.0af5942.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-config-2:9.1.1-0.20230608145954.515daab.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-context-0:5.1.1-0.20230608143931.7696282.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-db-0:12.3.1-0.20230608142355.b689b63.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-i18n-0:6.0.0-0.20230608140652.03605c2.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-log-0:5.2.0-0.20230608150750.16a8a42.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-messaging-0:14.3.1-0.20230608152013.0602d1a.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-middleware-0:5.1.1-0.20230608145931.7725ac9.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-policy-0:4.2.0-0.20230608153320.93129eb.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-rootwrap-0:7.0.1-0.20230608144658.b72372b.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-serialization-0:5.1.1-0.20230608144505.b4be3a4.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-service-0:3.1.1-0.20230608145222.b3ba591.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-upgradecheck-0:2.1.1-0.20230608143829.eeedfc9.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-utils-0:6.1.0-0.20230608142355.d49d594.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-oslo-versionedobjects-0:3.1.0-0.20230608141554.b4ea834.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-osprofiler-0:3.4.3-0.20230308173821.3286301.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-os-service-types-0:1.7.0-0.20230308170555.0b2f473.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-os-traits-0:3.0.0-0.20230608152745.cff125c.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-pbr-0:5.11.1-0.1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-proliantutils-0:2.14.1-0.20230608154738.3de2844.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-pycadf-0:3.1.1-0.20230308171749.4179996.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-requestsexceptions-0:1.4.0-0.20230308170555.d7ac0ff.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-scciclient-0:0.12.3-0.20230308201513.0940a71.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-stevedore-0:5.1.0-0.20230608154210.2d99ccc.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-sushy-0:4.5.0-0.20230719180619.146ed33.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-sushy-oem-idrac-0:5.0.0-0.20230308202122.da9a0e4.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-swiftclient-0:4.3.0-0.20230608151934.236c277.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-tenacity-0:6.3.1-1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-tooz-0:4.1.0-0.20230608154038.d5bf20c.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
python-wrapt-0:1.14.1-1.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
runc-4:1.1.9-2.1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
rust-afterburn-0:5.4.3-1.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
skopeo-2:1.11.2-10.1.rhaos4.14.el8	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
spdlog-0:1.12.0-1.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
toolbox-0:0.1.2-1.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z
wasmedge-0:0.12.1-2.rhaos4.14.el9	cpe:/a:redhat:openshift_ironic:4.14::el9	RHSA-2023:5009	2023-10-31T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/07/06/3
https://github.com/kubernetes/kubernetes/issues/118640
https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
https://nvd.nist.gov/vuln/detail/CVE-2023-2728
https://security.netapp.com/advisory/ntap-20230803-0004/
https://www.cve.org/CVERecord?id=CVE-2023-2728

History

No history.

MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2023-07-03T20:06:11.796Z

Updated: 2024-08-02T06:33:05.263Z

Reserved: 2023-05-16T00:32:00.189Z

Link: CVE-2023-2728

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-03T21:15:09.557

Modified: 2023-08-03T15:15:22.860

Link: CVE-2023-2728

Redhat

Severity : Moderate

Publid Date: 2023-06-15T04:00:00Z

Links: CVE-2023-2728 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object