CVE-2023-5528
HIGH severity · CVSS 7.2 · Improper input validation
Summary
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 20%
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://github.com/kubernetes/kubernetes/issues/121879
Additional information
- NVD record
- https://github.com/kubernetes/kubernetes/issues/121879 (Patch)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/ (Patch)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/ (Patch)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/ (Patch)
- https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
- https://security.netapp.com/advisory/ntap-20240119-0009/ (Advisory)