CVE-2023-5528 k8s.io/kubernetes

Package

Manager: go
Name: k8s.io/kubernetes
Vulnerable Version: >=1.28.0 <1.28.4 || >=1.27.0 <1.27.8 || >=1.26.0 <1.26.11 || >=0 <1.25.16

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.20817 (percentile: 0.95391)

Details

Kubernetes Improper Input Validation vulnerability

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Metadata

Created: 2023-11-14T21:31:03Z
Modified: 2024-09-06T16:58:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-hq6q-c2x6-hmch/GHSA-hq6q-c2x6-hmch.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-hq6q-c2x6-hmch
Finding: F184
Auto approve: 1