Kubernetes Security Release - CVE-2023-2728, CVE-2023-2727 and CVE-2023-2431

We have released a new security release for Avisi Cloud Kubernetes

We have released a new Security Release for Avisi Cloud Kubernetes, which contains fixes for CVE-2023-2728, CVE-2023-2727 and CVE-2023-2431. We recommend all our customers to upgrade their clusters to the latest patch version available to them at their convience. Please see our documentation on how to upgrade your cluster.

This release patches the following CVE’s in Kubernetes:

• CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
• CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
• CVE-2023-2431: Bypass of seccomp profile enforcement

Affected Versions

This affects the following Avisi Cloud Kubernetes versions:

• Avisi Cloud Kubernetes <= v1.27.2-u-ame.3
• Avisi Cloud Kubernetes <= v1.26.5-u-ame.3
• Avisi Cloud Kubernetes <= v1.25.10-u-ame.3
• Avisi Cloud Kubernetes <= v1.24.13-u-ame.3
• Any Avisi Cloud Kubernetes before v1.24

Fixed Versions

• Avisi Cloud Kubernetes v1.27.3-u-ame.4
• Avisi Cloud Kubernetes v1.26.6-u-ame.3
• Avisi Cloud Kubernetes v1.25.11-u-ame.3
• Avisi Cloud Kubernetes v1.24.15-u-ame.3

Please see our release notes for the full changelog.