CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 33.8%
Kubernetes is vulnerable to privilege escalation. The vulnerability is due to a lack of input sanitization on Windows nodes, which allows a user to escalate to admin privileges.
github.com/kubernetes/kubernetes/issues/119595
github.com/kubernetes/kubernetes/pull/120134/commits/53902ce5ede4fd5ba9e9679bd4ff91cdaf1c6d53
github.com/kubernetes/kubernetes/pull/120135/commits/acc29048e6df8dbbc902e2c8598989db5818f3a2
github.com/kubernetes/kubernetes/pull/120136/commits/cedd91c4fb4127d6cf38ea745646fa07420e245d
github.com/kubernetes/kubernetes/pull/120137/commits/aba7f53b0d033d4d3c1c62dceab725995729e13c
github.com/kubernetes/kubernetes/pull/120138/commits/5f89e4c983f0a55e6cc21ca05436496a208d8eb7
groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
security.netapp.com/advisory/ntap-20231221-0002/