CVE-2023-3676

Exploit

EPSS 35.69%
Veröffentlicht 31.10.2023 21:15:08
Zuletzt bearbeitet 13.02.2025 17:16:58
Quelle jordan@liggitt.net
Teams Watchlist Login
Unerledigt Login

A security issue was discovered in Kubernetes where a user
 that can create pods on Windows nodes may be able to escalate to admin 
privileges on those nodes. Kubernetes clusters are only affected if they
 include Windows nodes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kubernetes ≫ Kubernetes Version < 1.24.17

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.25.0 < 1.25.13

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.26.0 < 1.26.8

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.27.0 < 1.27.5

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.28.0 < 1.28.1

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	35.69%	0.969

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jordan@liggitt.net	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/kubernetes/kubernetes/issues/119339

Patch

Third Party Advisory

Exploit

Mitigation

https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc

Third Party Advisory

https://security.netapp.com/advisory/ntap-20231130-0007/

https://nvd.nist.gov/vuln/detail/CVE-2023-3676

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3676

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3676

EUVD