Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

Affected Packages

Go k8s.io/kubernetes

Affected versions: 1.27.0 (fixed in 1.27.3)

Go k8s.io/kubernetes

Affected versions: 1.26.0 (fixed in 1.26.6)

Go k8s.io/kubernetes

Affected versions: 1.25.0 (fixed in 1.25.11)

Go k8s.io/kubernetes

Affected versions: 0 (fixed in 1.24.15)

Related CVEs

CVE-2023-2727

Key Information

GHSA ID

GHSA-qc2g-gmh6-95p4

Published

July 3, 2023 9:30 PM

Last Modified

February 13, 2025 7:00 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

k8s.io/kubernetes

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.