CVE-2024-3177
Last modified
CVE-2024-3177 is a low-severity vulnerability rated 2.7/10 on the CVSS scale. A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. EPSS estimates a 2.22% chance of exploitation in the next 30 days.
Description
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2024-3177?
How severe is CVE-2024-3177?
How do I fix CVE-2024-3177?
Are you affected by CVE-2024-3177?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST