CVE-2023-3955

EUVD-2023-2793
A security issue was discovered in Kubernetes where a user
 that can create pods on Windows nodes may be able to escalate to admin 
privileges on those nodes. Kubernetes clusters are only affected if they
 include Windows nodes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kubernetesCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
kuberneteskubelet
1.27.4 ≤
𝑥
≤ 1.27.4
kuberneteskubelet
1.26.7 ≤
𝑥
≤ 1.26.7
kuberneteskubelet
1.25.12 ≤
𝑥
≤ 1.25.12
kuberneteskubelet
𝑥
≤ 1.24.16
kuberneteskubernetes
𝑥
< 1.24.17
kuberneteskubernetes
1.25.0 ≤
𝑥
< 1.25.13
kuberneteskubernetes
1.26.0 ≤
𝑥
< 1.26.8
kuberneteskubernetes
1.27.0 ≤
𝑥
< 1.27.5
kuberneteskubernetes
1.28.0 ≤
𝑥
< 1.28.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kubernetes
bookworm
1.20.5+really1.20.2-1.1
fixed
bullseye
1.20.5+really1.20.2-1
fixed
sid
1.20.5+really1.20.2-1.1
fixed
Common Weakness Enumeration
References
https://github.com/kubernetes/kubernetes/issues/119595
https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
https://security.netapp.com/advisory/ntap-20231221-0002/
https://github.com/kubernetes/kubernetes/issues/119595
https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
https://security.netapp.com/advisory/ntap-20231221-0002/