CVE-2023-5528

EUVD-2023-2977
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.2 HIGH | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| kubernetes | CNA | 7.2 HIGH | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |

EPSS Score Percentile: 95%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| kubernetes | kubernetes | 1.8.0 ≤ 𝑥 < 1.25.16 |
| kubernetes | kubernetes | 1.26.0 ≤ 𝑥 < 1.26.11 |
| kubernetes | kubernetes | 1.27.0 ≤ 𝑥 < 1.27.8 |
| kubernetes | kubernetes | 1.28.0 ≤ 𝑥 < 1.28.4 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| kubernetes | bookworm | 1.20.5+really1.20.2-1.1 | fixed |
| kubernetes | bullseye | 1.20.5+really1.20.2-1 | fixed |
| kubernetes | sid | 1.20.5+really1.20.2-1.1 | fixed |

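Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| kubernetes | bionic | ignored |
| kubernetes | focal | not-affected |
| kubernetes | jammy | not-affected |
| kubernetes | lunar | not-affected |
| kubernetes | mantic | not-affected |
| kubernetes | trusty | ignored |
| kubernetes | xenial | ignored |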