Lucene search

GitHub Advisory DatabaseGHSA-HQ6Q-C2X6-HMCH

HistoryNov 14, 2023 - 9:31 p.m.

Kubernetes Improper Input Validation vulnerability

2023-11-1421:31:03

CWE-20

GitHub Advisory Database

github.com

kubernetes

windows

privilege escalation

vulnerability

in-tree storage plugin

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.5%

JSON

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Affected configurations

Vulners

Node

k8s.iokubernetesRange<1.25.16

k8s.iokubernetesRange<1.26.11

k8s.iokubernetesRange<1.27.8

k8s.iokubernetesRange<1.28.4

CPENameOperatorVersion
k8s.io/kuberneteslt1.25.16
k8s.io/kuberneteslt1.26.11
k8s.io/kuberneteslt1.27.8
k8s.io/kuberneteslt1.28.4

Name	Operator	Version
k8s.io/kubernetes	lt	1.25.16
k8s.io/kubernetes	lt	1.26.11
k8s.io/kubernetes	lt	1.27.8
k8s.io/kubernetes	lt	1.28.4

References

github.com/advisories/GHSA-hq6q-c2x6-hmch

github.com/kubernetes/kubernetes/issues/121879

github.com/kubernetes/kubernetes/pull/121881

github.com/kubernetes/kubernetes/pull/121882

github.com/kubernetes/kubernetes/pull/121883

github.com/kubernetes/kubernetes/pull/121884

github.com/kubernetes/kubernetes/pull/121885

groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA

lists.fedoraproject.org/archives/list/[email protected]/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/

lists.fedoraproject.org/archives/list/[email protected]/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/

lists.fedoraproject.org/archives/list/[email protected]/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/

nvd.nist.gov/vuln/detail/CVE-2023-5528

security.netapp.com/advisory/ntap-20240119-0009/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.5%

JSON

Related for GHSA-HQ6Q-C2X6-HMCH