Vulnerability Report: GO-2023-1864
- CVE-2023-2431, GHSA-xc8m-28vv-4pjc
- Affects: k8s.io/kubernetes
- Published: Aug 20, 2024
- Modified: Aug 05, 2025
Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-xc8m-28vv-4pjc.
Affected Modules
-
PathGo Versions
-
before v1.24.14, from v1.25.0 before v1.25.10, from v1.26.0 before v1.26.5, from v1.27.0 before v1.27.2
Aliases
References
- https://github.com/advisories/GHSA-xc8m-28vv-4pjc
- https://github.com/kubernetes/kubernetes/issues/118690
- https://github.com/kubernetes/kubernetes/pull/117020
- https://github.com/kubernetes/kubernetes/pull/117116
- https://github.com/kubernetes/kubernetes/pull/117117
- https://github.com/kubernetes/kubernetes/pull/117118
- https://github.com/kubernetes/kubernetes/pull/117147
- https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10
- https://lists.fedoraproject.org/archives/list/[email protected]/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ
- https://lists.fedoraproject.org/archives/list/[email protected]/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G
- https://vuln.go.dev/ID/GO-2023-1864.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.