118 matches found
CBL Mariner 2.0 Security Update: kubernetes (CVE-2023-5528)
The version of kubernetes installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5528 advisory. - A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on...
PT-2024-10046 · Rancher +2 · Rke2 +3
Name of the Vulnerable Software and Affected Versions: Rancher Manager versions prior to v2.8.9 RKE2 versions prior to v1.27.15 RKE2 versions prior to v1.28.11 RKE2 versions prior to v1.29.6 RKE2 versions prior to v1.30.2 Description: The issue is related to incorrect permission assignment for a...
Kubelet: Privilege Escalation
Background Kubelet is a Kubernetes Node Agent. Description A vulnerability has been discovered in Kubelet. Please review the CVE identifier referenced below for details. Impact A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes...
GLSA-202405-31 : Kubelet: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202405-31 Kubelet: Privilege Escalation - A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernet...
PT-2024-19165 · Rke2 +2 · Rke2 +2
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.7.0 through 2.7.14 Rancher versions 2.8.0 through 2.8.7 Rancher versions 2.9.0 through 2.9.1 Description: A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a...
Fedora 38 : kubernetes (2023-39ecb65aaf)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-39ecb65aaf advisory. Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Additional bug and regressi...
Fedora 39 : kubernetes (2023-fbdb7e13df)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-fbdb7e13df advisory. Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Additional bug and regressi...
Fedora 37 : kubernetes (2023-6ad09ef90b)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6ad09ef90b advisory. Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Upstream change log at:...
Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
...
CVE-2023-5528
A flaw was found in Kubernetes, where a user who can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
Improper Input Validation
K8s.io/kubernetes is vulnerable to Improper Input Validation. The vulnerability exists due to insufficient input sanitization in the in-tree storage plugin for Windows nodes in mountwindows.go, allowing an attacker to bypass admin privileges on this node...
GHSA-HQ6Q-C2X6-HMCH Kubernetes Improper Input Validation vulnerability
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
AZL-32005 CVE-2023-5528 affecting package kubernetes for versions less than 1.28.4-1
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
AZL-34894 CVE-2023-5528 affecting package kubernetes for versions less than 1.28.7-2
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528 Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528 Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - HIGH 7.2 A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they ar...
Kubernetes Security Vulnerabilities
Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that stems from the fact that users who can create Pods and persistent volumes on Window...