CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score: 7.1 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 35.2%)
k8s.io/kubernetes is vulnerable to Improper Input Validation. The vulnerability exists due to insufficient input sanitization in the in-tree storage plugin for Windows nodes in mount_windows.go, allowing an attacker to bypass admin privileges on this node.
github.com/advisories/GHSA-hq6q-c2x6-hmch
github.com/kubernetes/kubernetes/commit/4c4c29805b52b8d3e4a040bf8093150720af240e
github.com/kubernetes/kubernetes/commit/620bc81d9780d27a94621922fc855e561f274b45
github.com/kubernetes/kubernetes/commit/b74a5202dbbe0081601c6571dd1958b559ff6e19
github.com/kubernetes/kubernetes/commit/ceeb19882f205755795d469e256794fac0d9f54a
github.com/kubernetes/kubernetes/commit/f4efd127cd60498e7941867098226b38d4ee5ed5
github.com/kubernetes/kubernetes/issues/121879
github.com/kubernetes/kubernetes/pull/121881
github.com/kubernetes/kubernetes/pull/121882
github.com/kubernetes/kubernetes/pull/121883
github.com/kubernetes/kubernetes/pull/121884
groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
lists.fedoraproject.org/archives/list/[email protected]/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/
lists.fedoraproject.org/archives/list/[email protected]/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/
lists.fedoraproject.org/archives/list/[email protected]/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/
security.netapp.com/advisory/ntap-20240119-0009/