CVE-2023-3955

A security issue was discovered in Kubernetes where a user
 that can create pods on Windows nodes may be able to escalate to admin 
privileges on those nodes. Kubernetes clusters are only affected if they
 include Windows nodes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kubernetesCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
kuberneteskubelet
1.27.4 ≤
𝑥
≤ 1.27.4
kuberneteskubelet
1.26.7 ≤
𝑥
≤ 1.26.7
kuberneteskubelet
1.25.12 ≤
𝑥
≤ 1.25.12
kuberneteskubelet
𝑥
≤ 1.24.16
kuberneteskubernetes
𝑥
< 1.24.17
kuberneteskubernetes
1.25.0 ≤
𝑥
< 1.25.13
kuberneteskubernetes
1.26.0 ≤
𝑥
< 1.26.8
kuberneteskubernetes
1.27.0 ≤
𝑥
< 1.27.5
kuberneteskubernetes
1.28.0 ≤
𝑥
< 1.28.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kubernetes
bullseye
1.20.5+really1.20.2-1
fixed
bookworm
1.20.5+really1.20.2-1.1
fixed
sid
1.20.5+really1.20.2-1.1
fixed
Common Weakness Enumeration
References
https://github.com/kubernetes/kubernetes/issues/119595
https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
https://security.netapp.com/advisory/ntap-20231221-0002/
https://github.com/kubernetes/kubernetes/issues/119595
https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
https://security.netapp.com/advisory/ntap-20231221-0002/