CVE-2023-3955
published 2023-10-31CVE-2023-3955: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes…
PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
3.39%
87.3th percentile
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.20.5+really1.20.2-1 (bookworm) | kubernetes 1.20.5+really1.20.2-1 (bookworm) |
| k8s.io | kubernetes | >= 0 < 1.24.17 | 1.24.17 |
| k8s.io | kubernetes | >= 1.25.0 < 1.25.13 | 1.25.13 |
| k8s.io | kubernetes | >= 1.26.0 < 1.26.8 | 1.26.8 |
| k8s.io | kubernetes | >= 1.27.0 < 1.27.5 | 1.27.5 |
| k8s.io | kubernetes | >= 1.28.0 < 1.28.1 | 1.28.1 |
| k8s.io | mount-utils | >= 0 < 0.24.17 | 0.24.17 |
| k8s.io | mount-utils | >= 0.25.0 < 0.25.13 | 0.25.13 |
| k8s.io | mount-utils | >= 0.26.0 < 0.26.8 | 0.26.8 |
| k8s.io | mount-utils | >= 0.27.0 < 0.27.5 | 0.27.5 |
| k8s.io | mount-utils | >= 0.28.0 < 0.28.1 | 0.28.1 |
| kubernetes | kubelet | <= v1.24.16 | — |
| kubernetes | kubelet | — | — |
| kubernetes | kubelet | v1.25.0 – v1.25.12 | — |
| kubernetes | kubelet | v1.26.0 – v1.26.7 | — |
| kubernetes | kubelet | v1.27.0 – v1.27.4 | — |
| kubernetes | kubernetes | < 1.24.17 | 1.24.17 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 1.25.0 < 1.25.13 | 1.25.13 |
| kubernetes | kubernetes | >= 1.26.0 < 1.26.8 | 1.26.8 |
| kubernetes | kubernetes | >= 1.27.0 < 1.27.5 | 1.27.5 |
| kubernetes | kubernetes | >= 1.28.0 < 1.28.1 | 1.28.1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
vendor_redhat·2023-08-23·CVSS 8.8
CVE-2023-3955 [HIGH] CWE-269 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes.
Statement: Kubernetes clusters are only affected if they include Windows nodes. Any Kubernetes environment with Windows nodes is impacted. Run kubectl get nodes -l kubernetes.io/os=windows to see if any Windows nodes are in use.
Debian
CVE-2023-3955: kubernetes - A security issue was discovered in Kubernetes where a user that can create pods...
vendor_debian·2023·CVSS 8.8
CVE-2023-3955 [HIGH] CVE-2023-3955: kubernetes - A security issue was discovered in Kubernetes where a user that can create pods...
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Scope: local
bookworm: resolved (fixed in 1.20.5+really1.20.2-1)
bullseye: resolved (fixed in 1.20.5+really1.20.2-1)
forky: resolved (fixed in 1.20.5+really1.20.2-1)
sid: resolved (fixed in 1.20.5+really1.20.2-1)
trixie: resolved (fixed in 1.20.5+really1.20.2-1)
OSV
Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
osv·2024-08-21
CVE-2023-3955 Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
OSV
Kubernetes privilege escalation vulnerability
osv·2023-10-31
CVE-2023-3955 [HIGH] Kubernetes privilege escalation vulnerability
Kubernetes privilege escalation vulnerability
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
GHSA
Kubernetes privilege escalation vulnerability
ghsa·2023-10-31
CVE-2023-3955 [HIGH] CWE-20 Kubernetes privilege escalation vulnerability
Kubernetes privilege escalation vulnerability
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
OSV
CVE-2023-3955: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those
osv·2023-10-31·CVSS 8.8
CVE-2023-3955 [HIGH] CVE-2023-3955: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
No detection rules found.
No public exploits indexed.
https://github.com/kubernetes/kubernetes/issues/119595https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83Ehttps://security.netapp.com/advisory/ntap-20231221-0002/https://github.com/kubernetes/kubernetes/issues/119595https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83Ehttps://security.netapp.com/advisory/ntap-20231221-0002/
2023-10-31
Published