CVE-2023-3955 — Improper Input Validation in Kubernetes

CWE-20 — Improper Input Validation CWE-269 — Improper Privilege Management8 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.8%

top 26.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubernetes K8s.io Kubernetes K8s.io Mount-utils +1 more

Timeline

PublishedOct 31

Latest updateAug 21

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶Gok8s.io/kubernetes1.28.0 — 1.28.1+4

▶NVDkubernetes/kubernetes1.25.0 — 1.25.13+4

▶Debiankubernetes/kubernetes< 1.20.5+really1.20.2-1+3

▶CVEListV5kubernetes/kubeletv1.27.0 — v1.27.4+4

▶Gok8s.io/mount-utils0.25.0 — 0.25.13+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils↗2024-08-21

▶

OSV

Kubernetes privilege escalation vulnerability↗2023-10-31

▶

GHSA

Kubernetes privilege escalation vulnerability↗2023-10-31

▶

OSV

CVE-2023-3955: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those↗2023-10-31

▶

CVEList

Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation↗2023-10-31

▶

📋Vendor Advisories

Red Hat

kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation↗2023-08-23

▶

Debian

CVE-2023-3955: kubernetes - A security issue was discovered in Kubernetes where a user that can create pods...↗2023

▶