{"id":"CVE-2023-2727","details":"Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.","aliases":["GHSA-qc2g-gmh6-95p4","GO-2023-1891"],"modified":"2026-04-10T04:56:37.598424Z","published":"2023-07-03T21:15:09.480Z","related":["CGA-rwjh-jgjp-43j3","SUSE-SU-2023:2541-1","SUSE-SU-2023:2542-1","SUSE-SU-2023:2543-1","SUSE-SU-2023:2544-1","SUSE-SU-2023:3260-1","SUSE-SU-2024:3341-1","SUSE-SU-2024:3343-1","openSUSE-SU-2024:13003-1","openSUSE-SU-2024:13004-1","openSUSE-SU-2025:15424-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230803-0004/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/07/06/2"},{"type":"REPORT","url":"https://github.com/kubernetes/kubernetes/issues/118640"},{"type":"ARTICLE","url":"https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"0"},{"last_affected":"0018fa8af8ffaff22f36d3bd86289753ca61da81"},{"introduced":"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2"},{"last_affected":"e770bdbb87cccdc2daa790ecd69f40cf4df3cc9d"},{"introduced":"b46a3f887ca979b1a5d14fd39cb1af43e7e5d12d"},{"last_affected":"890a139214b4de1f01543d15003b5bda71aae9c7"},{"introduced":"1b4df30b3cdfeaba6024e81e559a6cd09a089d65"},{"last_affected":"7f6f68fdabc4df88cfea2dcf9a19b2b830f1e647"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.24.14"},{"introduced":"1.25.0"},{"last_affected":"1.25.10"},{"introduced":"1.26.0"},{"last_affected":"1.26.5"},{"introduced":"1.27.0"},{"last_affected":"1.27.2"}]}}],"versions":["v0.13.1-dev","v0.17.0","v1.1.0-alpha.0","v1.1.0-alpha.1","v1.10.0-alpha.0","v1.10.0-alpha.1","v1.10.0-alpha.2","v1.10.0-alpha.3","v1.11.0-alpha.0","v1.11.0-alpha.1","v1.11.0-alpha.2","v1.12.0-alpha.0","v1.12.0-alpha.1","v1.13.0-alpha.0","v1.13.0-alpha.1","v1.13.0-alpha.2","v1.13.0-alpha.3","v1.14.0-alpha.0","v1.14.0-alpha.1","v1.14.0-alpha.2","v1.14.0-alpha.3","v1.15.0-alpha.0","v1.15.0-alpha.1","v1.15.0-alpha.2","v1.15.0-alpha.3","v1.16.0-alpha.0","v1.16.0-alpha.1","v1.16.0-alpha.2","v1.16.0-alpha.3","v1.17.0-alpha.0","v1.17.0-alpha.1","v1.17.0-alpha.2","v1.17.0-alpha.3","v1.18.0-alpha.0","v1.18.0-alpha.1","v1.18.0-alpha.2","v1.18.0-alpha.4","v1.18.0-alpha.5","v1.19.0-alpha.0","v1.19.0-alpha.1","v1.19.0-alpha.2","v1.19.0-alpha.3","v1.19.0-beta.0","v1.19.0-beta.1","v1.19.0-beta.2","v1.2.0-alpha.1","v1.2.0-alpha.2","v1.2.0-alpha.3","v1.2.0-alpha.4","v1.2.0-alpha.5","v1.2.0-alpha.6","v1.2.0-alpha.7","v1.2.0-alpha.8","v1.20.0-alpha.0","v1.20.0-alpha.1","v1.20.0-alpha.2","v1.20.0-alpha.3","v1.20.0-beta.0","v1.20.0-beta.1","v1.20.0-beta.2","v1.21.0-alpha.0","v1.21.0-alpha.1","v1.21.0-alpha.2","v1.21.0-alpha.3","v1.21.0-beta.0","v1.21.0-beta.1","v1.22.0-alpha.0","v1.22.0-alpha.1","v1.22.0-alpha.2","v1.22.0-alpha.3","v1.22.0-beta.0","v1.22.0-beta.1","v1.22.0-beta.2","v1.23.0-alpha.0","v1.23.0-alpha.1","v1.23.0-alpha.2","v1.23.0-alpha.3","v1.23.0-alpha.4","v1.24.0","v1.24.0-alpha.0","v1.24.0-alpha.1","v1.24.0-alpha.2","v1.24.0-alpha.3","v1.24.0-alpha.4","v1.24.0-beta.0","v1.24.0-rc.0","v1.24.0-rc.1","v1.24.1","v1.24.1-rc.0","v1.24.10","v1.24.10-rc.0","v1.24.11","v1.24.11-rc.0","v1.24.12","v1.24.12-rc.0","v1.24.13","v1.24.14","v1.24.2","v1.24.2-rc.0","v1.24.3","v1.24.3-rc.0","v1.24.4","v1.24.4-rc.0","v1.24.5","v1.24.5-rc.0","v1.24.6","v1.24.6-rc.0","v1.24.7","v1.24.7-rc.0","v1.24.8","v1.24.8-rc.0","v1.24.9","v1.24.9-rc.0","v1.25.0","v1.25.0-alpha.0","v1.25.1","v1.25.1-rc.0","v1.25.10","v1.25.2","v1.25.2-rc.0","v1.25.3","v1.25.3-rc.0","v1.25.4","v1.25.4-rc.0","v1.25.5","v1.25.5-rc.0","v1.25.6","v1.25.6-rc.0","v1.25.7","v1.25.7-rc.0","v1.25.8","v1.25.8-rc.0","v1.25.9","v1.26.0","v1.26.1","v1.26.1-rc.0","v1.26.2","v1.26.2-rc.0","v1.26.3","v1.26.3-rc.0","v1.26.4","v1.26.5","v1.27.0","v1.27.1","v1.27.2","v1.3.0-alpha.0","v1.3.0-alpha.1","v1.3.0-alpha.2","v1.3.0-alpha.3","v1.3.0-alpha.4","v1.3.0-alpha.5","v1.4.0-alpha.1","v1.4.0-alpha.2","v1.4.0-alpha.3","v1.5.0-alpha.0","v1.5.0-alpha.1","v1.5.0-alpha.2","v1.6.0-alpha.0","v1.6.0-alpha.1","v1.6.0-alpha.2","v1.6.0-alpha.3","v1.7.0-alpha.0","v1.7.0-alpha.1","v1.7.0-alpha.2","v1.7.0-alpha.3","v1.7.0-alpha.4","v1.8.0-alpha.0","v1.8.0-alpha.1","v1.8.0-alpha.2","v1.8.0-alpha.3","v1.9.0-alpha.0","v1.9.0-alpha.1","v1.9.0-alpha.2","v1.9.0-alpha.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2727.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}]}