CVE-2023-3676 — Improper Input Validation in Kubernetes

CWE-20 — Improper Input Validation CWE-269 — Improper Privilege Management9 documents7 sources

Severity

8.8HIGHNVD

EPSS

40.7%

top 2.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubernetes K8s.io Kubernetes Kubernetes Kubelet

Timeline

PublishedOct 31

Latest updateAug 21

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶Gok8s.io/kubernetes1.28.0 — 1.28.1+4

▶NVDkubernetes/kubernetes1.25.0 — 1.25.13+4

▶Debiankubernetes/kubernetes< 1.20.5+really1.20.2-1+3

▶CVEListV5kubernetes/kubeletv1.27.0 — v1.27.4+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes↗2024-08-21

▶

OSV

Kubernetes privilege escalation vulnerability↗2023-10-31

▶

CVEList

Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation↗2023-10-31

▶

OSV

CVE-2023-3676: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those↗2023-10-31

▶

GHSA

Kubernetes privilege escalation vulnerability↗2023-10-31

▶

📋Vendor Advisories

Red Hat

kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation↗2023-08-23

▶

Debian

CVE-2023-3676: kubernetes - A security issue was discovered in Kubernetes where a user that can create pods...↗2023

▶