18 matches found
TencentOS Server 4: kubernetes (TSSA-2024:0867)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0867 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CBL Mariner 2.0 Security Update: kubernetes (CVE-2023-5528)
The version of kubernetes installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5528 advisory. - A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on...
GLSA-202405-31 : Kubelet: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202405-31 Kubelet: Privilege Escalation - A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernet...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to remote authentication attack due to Kubernetes Scheduler code (CVE-2023-5528)
Summary: Kubernetes Scheduler code is used by IBM Cloud Pak for Data Scheduling as part of the scheduling binaries. CVE-2023-5528. Vulnerability Details: CVEID: CVE-2023-5528. DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to gain elevated privileges on the system, caused...
CVE-2023-5528 affecting package kubernetes for versions less than 1.28.7-2
CVE-2023-5528 affecting package kubernetes for versions less than 1.28.7-2. An upgraded version of the package is available that resolves this issue...
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. "The vulnerability allows remote code execution with SYSTEM privileges on all Windows...
Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.1 security update
The components for Red Hat OpenShift for Windows Containers 9.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update ...
Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 7.2.0 security update
An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...
CVE-2023-5528 affecting package kubernetes for versions less than 1.28.4-1
CVE-2023-5528 affecting package kubernetes for versions less than 1.28.4-1. An upgraded version of the package is available that resolves this issue...
Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 6.0.3 security update
An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...
Fedora 39 : kubernetes (2023-fbdb7e13df)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-fbdb7e13df advisory. Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Additional bug and regressi...
CVE-2023-5528
creationtimestamp | type | source
---|---|---
2023-11-25 00:06:04+00:00 | seen | https://t.me/arpsyndicate/555
2024-01-19 18:32:07+00:00 | seen | https://t.me/ctinow/170330
2024-03-14 13:04:05+00:00 | seen | https://t.me/thehackernews/4680
2024-03-14 14:30:07+00:00 | seen | https://t.me/truesecator/5522...
Fedora 37 : kubernetes (2023-6ad09ef90b)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6ad09ef90b advisory. Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Upstream change log at:...
CVE-2023-5528 vulnerabilities
Vulnerabilities for packages: kubernetes-dns-node-cache, spark-operator, prometheus-adapter, ip-masq-agent, aws-efs-csi-driver, nodetaint...
CVE-2023-5528 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, prometheus-adapter, aws-efs-csi-driver-fips, cluster-autoscaler-fips, nodetaint, kubernetes-dns-node-cache, aws-efs-csi-driver, spark-operator, ip-masq-agent...
CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528
CVE-2023-5528 : Kubernetes vulnerability where a user who can create pods and persistent volumes on Windows nodes may escalate to admin privileges on those nodes. Affected only if clusters use an in-tree storage plugin for Windows nodes. Root cause/impact described in the Initial Document; no exp...
Kubernetes: CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
Insufficient input sanitization in an in-tree storage plugin was found to lead to privilege escalation on Windows nodes. The issue was assigned CVE-2023-5528 and rated as a Tier 1 High severity vulnerability by the Kubernetes team, who verified the report and are working on a fix...