Bug 13546

Summary: [CVE 21] kubernetes 1.25.4 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED DUPLICATE
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: e.kosachev, s.matveev, v.potapov, y.tumanov
Version: All   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2023-2431, CVE-2023-2727, CVE-2023-2728,
Whiteboard:
Platform: 2021.1 ROSA
Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-08-24 00:21:04 MSK
Please patch CVEs for package kubernetes version 1.25.4

INFO (CVEs are): kubernetes 1.25.4 CVEs found
CVE-2023-2431
Desc: A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-2431
Severity: MEDIUM
CVE-2023-2727
Desc: Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-2727
Severity: MEDIUM
CVE-2023-2728
Desc: Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-2728
Severity: MEDIUM
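The three descriptions above share a shape a cluster operator can check for in pod manifests: a seccomp profile of type Localhost whose profile path is empty (CVE-2023-2431), and ephemeral containers that sit outside the checks the ImagePolicyWebhook and ServiceAccount admission plugins apply to regular containers (CVE-2023-2727, CVE-2023-2728). The audit below is an added example and is not ROSA or upstream Kubernetes code. It assumes manifests already parsed into dicts (the shape `kubectl get pod -o json` produces), uses a plain image allowlist as a stand-in for whatever an ImagePolicyWebhook backend would decide, and reads the `kubernetes.io/enforce-mountable-secrets` annotation and `secrets` list from the ServiceAccount object, which is where they live; the sample pod and service account are constructed for the example.

```python
"""Audit pod manifests for the three misconfiguration patterns in the CVE
descriptions above. Added example, not ROSA or upstream Kubernetes code.
Assumption: `allowed_images` plays the role of the ImagePolicyWebhook decision."""
from __future__ import annotations

ENFORCE_ANNOTATION = "kubernetes.io/enforce-mountable-secrets"


def _seccomp_findings(spec: dict) -> list[str]:
    """CVE-2023-2431 pattern: seccomp type Localhost with an empty or missing profile path."""
    findings = []
    scopes = [("pod", spec.get("securityContext", {}))]
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(key, []):
            scopes.append((f"container {c.get('name')}", c.get("securityContext", {})))
    for where, sc in scopes:
        prof = (sc or {}).get("seccompProfile") or {}
        if prof.get("type") == "Localhost" and not prof.get("localhostProfile"):
            findings.append(f"{where}: seccomp type Localhost with empty localhostProfile")
    return findings


def _secret_refs(container: dict, spec: dict) -> set[str]:
    """Names of Secrets a container can read: env, envFrom and mounted secret volumes."""
    names = set()
    for env in container.get("env", []):
        ref = (env.get("valueFrom") or {}).get("secretKeyRef")
        if ref:
            names.add(ref["name"])
    for src in container.get("envFrom", []):
        if "secretRef" in src:
            names.add(src["secretRef"]["name"])
    secret_volumes = {v["name"]: v["secret"]["secretName"]
                      for v in spec.get("volumes", []) if "secret" in v}
    for vm in container.get("volumeMounts", []):
        if vm["name"] in secret_volumes:
            names.add(secret_volumes[vm["name"]])
    return names


def audit_pod(pod: dict, service_account: dict | None, allowed_images: set[str]) -> list[str]:
    """Return human-readable findings for one pod; an empty list means no pattern matched."""
    spec = pod["spec"]
    findings = _seccomp_findings(spec)
    ephemeral = spec.get("ephemeralContainers", [])
    # CVE-2023-2727 pattern: image policy evaluated for regular containers, not ephemeral ones.
    for c in ephemeral:
        if c.get("image") not in allowed_images:
            findings.append(f"ephemeral container {c.get('name')}: image {c.get('image')} not in allowlist")
    # CVE-2023-2728 pattern: enforce-mountable-secrets evaluated for regular containers only.
    sa = service_account or {}
    enforced = (sa.get("metadata", {}).get("annotations") or {}).get(ENFORCE_ANNOTATION) == "true"
    if enforced:
        mountable = {s["name"] for s in sa.get("secrets", [])}
        for c in ephemeral:
            for name in sorted(_secret_refs(c, spec) - mountable):
                findings.append(f"ephemeral container {c.get('name')}: references secret {name!r} "
                                f"not in service account secrets")
    return findings


# Constructed sample objects (not taken from any real cluster).
SAMPLE_SA = {
    "metadata": {"name": "app", "annotations": {ENFORCE_ANNOTATION: "true"}},
    "secrets": [{"name": "app-tls"}],
}
SAMPLE_POD = {
    "spec": {
        "serviceAccountName": "app",
        "securityContext": {"seccompProfile": {"type": "Localhost", "localhostProfile": ""}},
        "containers": [{"name": "web", "image": "registry.example/web:1.0"}],
        "volumes": [{"name": "db-creds", "secret": {"secretName": "db-password"}}],
        "ephemeralContainers": [{
            "name": "debug",
            "image": "registry.example/debug-shell:latest",
            "volumeMounts": [{"name": "db-creds", "mountPath": "/creds"}],
        }],
    }
}
ALLOWED_IMAGES = {"registry.example/web:1.0"}

if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD, SAMPLE_SA, ALLOWED_IMAGES):
        print("FINDING:", finding)
```

On a kubelet that carries the fix, an empty `localhostProfile` is rejected rather than silently run unconfined, and patched admission plugins evaluate ephemeral containers too, so a script like this is a way to find workloads that would have been affected while the 1.25.4 packages are still deployed, not a replacement for the update.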
Comment 1 Vladimir Potapov 2023-10-20 17:08:24 MSK

*** This bug has been marked as a duplicate of bug 13881 ***