cbcvebase.
CVE-2023-3676
published 2023-10-31

CVE-2023-3676: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes…

PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
11.67%
95.5th percentile
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected

20 ranges
VendorProductVersion rangeFixed in
debiankubernetes< kubernetes 1.20.5+really1.20.2-1 (bookworm)kubernetes 1.20.5+really1.20.2-1 (bookworm)
k8s.iokubernetes>= 0 < 1.24.171.24.17
k8s.iokubernetes>= 1.25.0 < 1.25.131.25.13
k8s.iokubernetes>= 1.26.0 < 1.26.81.26.8
k8s.iokubernetes>= 1.27.0 < 1.27.51.27.5
k8s.iokubernetes>= 1.28.0 < 1.28.11.28.1
kuberneteskubelet<= v1.24.16
kuberneteskubelet
kuberneteskubeletv1.25.0 – v1.25.12
kuberneteskubeletv1.26.0 – v1.26.7
kuberneteskubeletv1.27.0 – v1.27.4
kuberneteskubernetes< 1.24.171.24.17
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
kuberneteskubernetes>= 1.25.0 < 1.25.131.25.13
kuberneteskubernetes>= 1.26.0 < 1.26.81.26.8
kuberneteskubernetes>= 1.27.0 < 1.27.51.27.5
kuberneteskubernetes>= 1.28.0 < 1.28.11.28.1

Detection & IOCsextracted from sources · hover to see the quote

  • Run the following command to detect if any Windows nodes are present in the cluster, which indicates exposure to this vulnerability.
  • ·Only Kubernetes clusters that include Windows nodes are affected by this privilege escalation vulnerability. Pure Linux clusters are not impacted.
  • ·The root cause is insufficient input sanitization on Windows nodes, allowing a pod-creating user to escalate to admin privileges on those nodes.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.