CVE-2023-5408: Improper Privilege Management in Red Hat OpenShift Container Platform

Severity: 7.2 HIGH (NVD)
EPSS: 0.5% (top 33.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 2; latest update Nov 14

Description

A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 0 packages

Also affects: OpenShift Container Platform 4.11, 4.12, 4.13, 4.14

🔴 Vulnerability Details (2)

GHSA: GHSA-7664-m5hw-r7q8: A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift (2023-11-02)
CVEList: Openshift: modification of node role labels (2023-11-02)

📋 Vendor Advisories (2)

Microsoft: Openshift: modification of node role labels (2023-11-14)
Red Hat: OpenShift: modification of node role labels (2023-10-04)