An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ocTZxLWMyeDYtaG1jaM4AA3Ko

Kubernetes Improper Input Validation vulnerability

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 14 days ago
Updated: 14 days ago

CVSS Score: 7.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-hq6q-c2x6-hmch, CVE-2023-5528

Affected Packages
Versions: < 1.25.16, >= 1.26.0, < 1.26.11, >= 1.27.0, < 1.27.8, >= 1.28.0, < 1.28.4
Fixed in: 1.25.16, 1.26.11, 1.27.8, 1.28.4