{"uuid": "fde5b828-e1d2-4e17-8a4c-ccb514ced99e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2728", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4329", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2728\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.\n\ud83d\udccf Published: 2023-07-03T21:30:57Z\n\ud83d\udccf Modified: 2025-02-13T19:01:03Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-2728\n2. https://github.com/kubernetes/kubernetes/issues/118640\n3. https://github.com/kubernetes/kubernetes/pull/118356\n4. https://github.com/kubernetes/kubernetes/pull/118471\n5. https://github.com/kubernetes/kubernetes/pull/118473\n6. https://github.com/kubernetes/kubernetes/pull/118474\n7. https://github.com/kubernetes/kubernetes/pull/118512\n8. https://github.com/kubernetes/kubernetes\n9. https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8\n10. https://security.netapp.com/advisory/ntap-20230803-0004\n11. http://www.openwall.com/lists/oss-security/2023/07/06/3", "creation_timestamp": "2025-02-13T19:20:43.000000Z"}