Vulnerability Report: GO-2023-1549

CVE-2023-0229, GHSA-5465-xc2j-6p84
Affects: github.com/openshift/apiserver-library-go
Published: Feb 16, 2023
Modified: May 20, 2024

Low-privileged users can set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-5465-xc2j-6p84.

Affected Packages

Path

Go Versions

Symbols
github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/seccomp

before v0.0.0-20230119093715-30f75d79e424
3 unexported affected symbols
- strategy.ValidateContainer
- strategy.ValidatePod
- strategy.validateProfile

Aliases

CVE-2023-0229
GHSA-5465-xc2j-6p84

References

https://github.com/advisories/GHSA-5465-xc2j-6p84
https://github.com/openshift/apiserver-library-go/pull/97
https://github.com/openshift/apiserver-library-go/commit/30f75d79e424ca462c6de53ee8b93f91183763e6
https://vuln.go.dev/ID/GO-2023-1549.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL