Vulnerability Database
Blog
FAQ
Docs
GO-2023-1891
See a problem?
Please try reporting it
to the source
first.
Source
https://pkg.go.dev/vuln/GO-2023-1891
Import Source
https://vuln.go.dev/ID/GO-2023-1891.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1891
Aliases
CVE-2023-2727
GHSA-qc2g-gmh6-95p4
Published
2024-08-20T20:31:35Z
Modified
2024-09-11T06:12:52.563592Z
Summary
kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
Details
kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
References
https://github.com/advisories/GHSA-qc2g-gmh6-95p4
https://nvd.nist.gov/vuln/detail/CVE-2023-2727
http://www.openwall.com/lists/oss-security/2023/07/06/2
https://github.com/kubernetes/kubernetes/issues/118640
https://github.com/kubernetes/kubernetes/pull/118356
https://github.com/kubernetes/kubernetes/pull/118471
https://github.com/kubernetes/kubernetes/pull/118473
https://github.com/kubernetes/kubernetes/pull/118474
https://github.com/kubernetes/kubernetes/pull/118512
https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
Affected packages
Go
/
k8s.io/kubernetes
Package
Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes
Affected ranges
Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.24.15
Introduced
1.25.0
Fixed
1.25.11
Introduced
1.26.0
Fixed
1.26.6
Introduced
1.27.0
Fixed
1.27.3
GO-2023-1891 - OSV