GitHub Advisory DatabaseGHSA-Q78C-GWQW-JCMCKubernetes privilege escalation vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.9%
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| k8s.io/kubernetes | lt | 1.24.17 | |
| k8s.io/kubernetes | lt | 1.25.13 | |
| k8s.io/kubernetes | lt | 1.26.8 | |
| k8s.io/kubernetes | lt | 1.27.5 | |
| k8s.io/kubernetes | eq | 1.28.0 |
References
github.com/advisories/GHSA-q78c-gwqw-jcmc
github.com/kubernetes/kubernetes/commit/38c97fa67ed35f36e730856728c9e3807f63546a
github.com/kubernetes/kubernetes/commit/50334505cd27cbe7cf71865388f25a00e29b2596
github.com/kubernetes/kubernetes/commit/7da6d72c05dffb3b87e62e2bc8c3228ea12ba1b9
github.com/kubernetes/kubernetes/commit/b7547e28f898af37aa2f1107a49111f963250fe6
github.com/kubernetes/kubernetes/commit/c4e17abb04728e3a3f9bb26e727b0f978df20ec9
github.com/kubernetes/kubernetes/issues/119595
github.com/kubernetes/kubernetes/pull/120128
github.com/kubernetes/kubernetes/pull/120134
github.com/kubernetes/kubernetes/pull/120135
github.com/kubernetes/kubernetes/pull/120136
github.com/kubernetes/kubernetes/pull/120137
github.com/kubernetes/kubernetes/pull/120138
groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
nvd.nist.gov/vuln/detail/CVE-2023-3955
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.9%