hackerone / Tomerpeled92 / H1:2231019
Oct 29, 2023 - 10:43 a.m.

Kubernetes: CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

2023-10-29 10:43:27
tomerpeled92
hackerone.com
$5000

AI Score: 7.5 High (Confidence: Low)

EPSS: 0.001 Low (Percentile: 35.5%)

This is an imported report from the email I sent a month ago about a code injection vulnerability.
The vulnerability was assigned CVE-2023-5528.
As a reference, I have talked with Balaji from the k8 team.
Excerpts from the email chain that might be relevant:

“Just a quick update to let you know that we were able to reproduce the issue and are working on a fix. CVE-2023-5528 has been reserved for this issue. We’ll keep you updated on the next steps as we review the proposed fix.”

“Hi Tomer,
This is being rated as a Tier 1 High severity ($5,000) bounty.”

The vulnerability was verified and assigned a CVE by the k8 team.

Impact

Code execution from kubelet context (SYSTEM privileges) on all Windows nodes on a cluster.