Kubelet vulnerable to bypass of seccomp profile enforcement
Moderate severity
GitHub Reviewed
Published
Jun 16, 2023
to the GitHub Advisory Database
•
Updated Dec 12, 2024
Package
Affected versions
< 1.24.14
>= 1.25.0, < 1.25.10
>= 1.26.0, < 1.26.5
>= 1.27.0, < 1.27.2
Patched versions
1.24.14
1.25.10
1.26.5
1.27.2
Description
Published by the National Vulnerability Database
Jun 16, 2023
Published to the GitHub Advisory Database
Jun 16, 2023
Reviewed
Jun 16, 2023
Last updated
Dec 12, 2024
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
References