CVE-2023-3893

2023-11-0318:15:08

Google

osv.dev

kubernetes

security

privilege escalation

windows nodes

csi proxy

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.3%

JSON

A security issue was discovered in Kubernetes where a user that can
create pods on Windows nodes running kubernetes-csi-proxy may be able to
escalate to admin privileges on those nodes. Kubernetes clusters are
only affected if they include Windows nodes running
kubernetes-csi-proxy.

CPENameOperatorVersion
csi-proxyeq1.1.0-alpha.0
csi-proxyeq1.1.0-beta
csi-proxyeq0.18.1
csi-proxyeq0.3
csi-proxyeqclient/v0.2.2
csi-proxyeq1.1.1-beta.0
csi-proxyeq1.2.0-alpha.1
csi-proxyeq0.2.0-rc1
csi-proxyeqclient/v1.0.2
csi-proxyeq1.0.0

Name	Operator	Version
csi-proxy	eq	1.1.0-alpha.0
csi-proxy	eq	1.1.0-beta
csi-proxy	eq	0.18.1
csi-proxy	eq	0.3
csi-proxy	eq	client/v0.2.2
csi-proxy	eq	1.1.1-beta.0
csi-proxy	eq	1.2.0-alpha.1
csi-proxy	eq	0.2.0-rc1
csi-proxy	eq	client/v1.0.2
csi-proxy	eq	1.0.0