Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ocTZxLWMyeDYtaG1jaM4AA3Ko
Kubernetes Improper Input Validation vulnerability
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
Permalink: https://github.com/advisories/GHSA-hq6q-c2x6-hmch
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocTZxLWMyeDYtaG1jaM4AA3Ko
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 14 days ago
Updated: 14 days ago
CVSS Score: 7.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-hq6q-c2x6-hmch, CVE-2023-5528
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-5528
- https://github.com/kubernetes/kubernetes/issues/121879
- https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
- https://github.com/kubernetes/kubernetes/pull/121881
- https://github.com/kubernetes/kubernetes/pull/121882
- https://github.com/kubernetes/kubernetes/pull/121883
- https://github.com/kubernetes/kubernetes/pull/121884
- https://github.com/kubernetes/kubernetes/pull/121885
- https://github.com/advisories/GHSA-hq6q-c2x6-hmch
Affected Packages
go:k8s.io/kubernetes
Versions: < 1.25.16, >= 1.26.0, < 1.26.11, >= 1.27.0, < 1.27.8, >= 1.28.0, < 1.28.4
Fixed in: 1.25.16, 1.26.11, 1.27.8, 1.28.4