Lucene search
KubernetesCVE-2023-3955HistoryOct 31, 2023 - 9:15 p.m.
CVE-2023-3955
2023-10-3121:15:08
CWE-20
kubernetes
web.nvd.nist.gov
221
20
cve-2023-3955
kubernetes
security issue
windows nodes
admin privileges
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.001
Percentile
33.8%
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
Affected configurations
Node
kuberneteskubernetesRange<1.24.17
ORkuberneteskubernetesRange1.25.0–1.25.13
ORkuberneteskubernetesRange1.26.0–1.26.8
ORkuberneteskubernetesRange1.27.0–1.27.5
ORkuberneteskubernetesRange1.28.0–1.28.1
microsoftwindowsMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| kubernetes | kubernetes | * | cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* |
| microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.28.0"
},
{
"lessThanOrEqual": "v1.27.4",
"status": "affected",
"version": "v1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.26.7",
"status": "affected",
"version": "v1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.25.12",
"status": "affected",
"version": "v1.25.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.28.1"
},
{
"status": "unaffected",
"version": "v1.27.5"
},
{
"status": "unaffected",
"version": "v1.26.8"
},
{
"status": "unaffected",
"version": "v1.25.13"
},
{
"status": "unaffected",
"version": "v1.24.17"
},
{
"lessThanOrEqual": "v1.24.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]References
Social References
More
Related
osv
osv
CGA-xh7c-m4vq-qg86
2024-06-06 12:29:59
CGA-qv9r-w22w-39xx
2024-06-06 12:29:10
CGA-cwxq-5jvf-67wx
2024-06-06 12:26:58
prion
prion
Security feature bypass
2023-10-31 21:15:00
nvd
nvd
CVE-2023-3955
2023-10-31 21:15:08
cvelist
cvelist
debiancve
debiancve
CVE-2023-3955
2023-10-31 21:15:08
cgr
cgr
CVE-2023-3955 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Privilege Escalation
2023-11-01 10:01:52
redhatcve
redhatcve
CVE-2023-3955
2023-08-23 13:49:53
github
github
Kubernetes privilege escalation vulnerability
2023-10-31 21:32:35
wolfi
wolfi
CVE-2023-3955 vulnerabilities
2024-09-19 21:18:36
fedora
fedora
[SECURITY] Fedora 39 Update: kubernetes-1.27.5-1.fc39
2023-09-15 19:02:03
[SECURITY] Fedora 38 Update: kubernetes-1.26.8-1.fc38
2023-09-02 01:16:23
nessus
nessus
Fedora 39 : kubernetes (2023-8f8ddb2428)
2023-11-07 00:00:00
Fedora 38 : kubernetes (2023-a3fcc0751f)
2023-09-02 00:00:00
openvas
openvas
Fedora: Security Advisory (FEDORA-2023-8f8ddb2428)
2023-09-16 00:00:00
Fedora: Security Advisory for kubernetes (FEDORA-2023-a3fcc0751f)
2023-09-03 00:00:00
redhat
redhat
thn
thn
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.001
Percentile
33.8%
Related for CVE-2023-3955