CVE-2023-0229 - Vulnerability Details - OpenCVE

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Openshift

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift:4.11:::::::*
	cpe:2.3:a:redhat:openshift:4.12:::::::*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.12
microshift-0:4.12.6-202303012057.p0.g50997a2.assembly.4.12.6.el8	cpe:/a:redhat:openshift:4.12::el8	RHBA-2023:1037	2023-03-07T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift-0:4.13.0-202304211155.p0.gb404935.assembly.stream.el9	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1325	2023-05-18T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2160349
https://github.com/advisories/GHSA-5465-xc2j-6p84
https://nvd.nist.gov/vuln/detail/CVE-2023-0229
https://www.cve.org/CVERecord?id=CVE-2023-0229

History

Tue, 01 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-01-25T00:00:00.000Z

Updated: 2025-04-01T15:07:42.482Z

Reserved: 2023-01-12T00:00:00.000Z

Link: CVE-2023-0229

Vulnrichment

Updated: 2024-08-02T05:02:44.191Z

NVD

Status : Modified

Published: 2023-01-26T21:18:06.900

Modified: 2025-04-01T15:15:57.390

Link: CVE-2023-0229

Redhat

Severity : Moderate

Publid Date: 2023-01-12T00:00:00Z

Links: CVE-2023-0229 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0229", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-04-01T15:07:42.482Z", "dateReserved": "2023-01-12T00:00:00.000Z", "datePublished": "2023-01-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-01-25T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify."}], "affected": [{"vendor": "n/a", "product": "github.com/openshift/apiserver-library-go", "versions": [{"version": "openshift/apiserver-library-go 4.11", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20", "cweId": "CWE-20"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.191Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T15:07:10.754445Z", "id": "CVE-2023-0229", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T15:07:42.482Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.191Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-0229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T15:07:10.754445Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T15:07:36.549Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "github.com/openshift/apiserver-library-go", "versions": [{"status": "affected", "version": "openshift/apiserver-library-go 4.11"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}], "descriptions": [{"lang": "en", "value": "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-01-25T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0229", "state": "PUBLISHED", "dateUpdated": "2025-04-01T15:07:42.482Z", "dateReserved": "2023-01-12T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-01-25T00:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "275413B5-6C5D-4125-9396-0DAE614887E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE29F1-AE5C-4B2D-9C28-68D10F2DFCB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en github.com/openshift/apiserver-library-go, utilizado en OpenShift 4.12 y 4.11. Dicho fallo puede permitir a los usuarios con pocos privilegios configurar el perfil seccomp para los pods que controlan en \"unconfined\". De forma predeterminada, el perfil seccomp utilizado en la restricci\u00f3n de contexto (restricted-v2 Security Context Constraint, SCC) es \"runtime/default\", lo que permite a los usuarios deshabilitar seccomp para los pods que pueden crear y modificar."}], "id": "CVE-2023-0229", "lastModified": "2025-04-01T15:15:57.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-26T21:18:06.900", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2023:1037", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "microshift-0:4.12.6-202303012057.p0.g50997a2.assembly.4.12.6.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:1325", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-0:4.13.0-202304211155.p0.gb404935.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-18T00:00:00Z"}], "bugzilla": {"description": "openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions", "id": "2160349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160349"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify.", "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify."], "name": "CVE-2023-0229", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-apiserver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0229\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0229\nhttps://github.com/advisories/GHSA-5465-xc2j-6p84"], "statement": "This flaw does not affect OpenShift versions 4.10 and earlier.", "threat_severity": "Moderate"}