CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
26.8%
github.com/kubernetes-csi/csi-proxy is vulnerable to Privilege Escalation. The vulnerability is caused by insufficient input sanitization while constructing different commands from the input string passed to different functions implemented in pkg/os/volume/api.go
and pkg/os/volume/api.go
. A user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges due to this flaw. Kubernetes clusters with Windows nodes running kubernetes-csi-proxy are only affected.
discuss.kubernetes.io/t/security-advisory-cve-2023-3893-insufficient-input-sanitization-on-kubernetes-csi-proxy-leads-to-privilege-escalation/25206
github.com/advisories/GHSA-r6cc-7wj7-gfx2
github.com/kubernetes-csi/csi-proxy/commit/0e83a68159111e4ee510f5aa56d47ba97bda60c7
github.com/kubernetes-csi/csi-proxy/commit/fa8a3d6d5b67af4f5b265eb6a0ee568ac6ebb69c
github.com/kubernetes/kubernetes/issues/119594
groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ
security.netapp.com/advisory/ntap-20231221-0004/