We have released a new Security Release for Avisi Cloud Kubernetes, which contains fixes for CVE-2023-2728, CVE-2023-2727 and CVE-2023-2431. We recommend that all our customers upgrade their clusters to the latest patch version available to them at their convenience. Please see our documentation on how to upgrade your cluster.
This release patches the following CVEs in Kubernetes:
- CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
- CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
- CVE-2023-2431: Bypass of seccomp profile enforcement
Affected Versions
This affects the following Avisi Cloud Kubernetes versions:
- Avisi Cloud Kubernetes v1.27.2-u-ame.3
- Avisi Cloud Kubernetes v1.26.5-u-ame.3
- Avisi Cloud Kubernetes v1.25.10-u-ame.3
- Avisi Cloud Kubernetes v1.24.13-u-ame.3
- Any Avisi Cloud Kubernetes version before v1.24
Fixed Versions
- Avisi Cloud Kubernetes v1.27.3-u-ame.4
- Avisi Cloud Kubernetes v1.26.6-u-ame.3
- Avisi Cloud Kubernetes v1.25.11-u-ame.3
- Avisi Cloud Kubernetes v1.24.15-u-ame.3
Please see our release notes for the full changelog.