CVE-2023-3955 – k8s.io/mount-utils

Package

Manager: go
Name: k8s.io/mount-utils
Vulnerable Version: >=0 <0.24.17

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

EPSS: 0.00579 pctl0.67921

Details

Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Metadata

Created: 2024-08-21T14:30:22Z
Modified: 2024-12-12T22:00:26Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F159
Auto approve: 1