CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.8%
A security issue was discovered in Kubernetes where a user that can
create pods on Windows nodes running kubernetes-csi-proxy may be able to
escalate to admin privileges on those nodes. Kubernetes clusters are
only affected if they include Windows nodes running
kubernetes-csi-proxy.
Vendor | Product | Version | CPE |
---|---|---|---|
kubernetes | csi_proxy | * | cpe:2.3:a:kubernetes:csi_proxy:*:*:*:*:*:*:*:* |
kubernetes | csi_proxy | 2.0.0 | cpe:2.3:a:kubernetes:csi_proxy:2.0.0:alpha0:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "csi-proxy",
"repo": "https://github.com/kubernetes-csi/csi-proxy",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v2.0.0-alpha.0"
},
{
"lessThanOrEqual": "v1.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v2.0.0-alpha.1"
},
{
"status": "unaffected",
"version": "v1.1.3"
}
]
}
]