CVE-2023-3893

EPSS 3.76%
Published 03.11.2023 18:15:08
Last modified 01.08.2025 02:05:13
Source jordan@liggitt.net
Teams watchlist Login
Open Login

A security issue was discovered in Kubernetes where a user that can 
create pods on Windows nodes running kubernetes-csi-proxy may be able to
 escalate to admin privileges on those nodes. Kubernetes clusters are 
only affected if they include Windows nodes running 
kubernetes-csi-proxy.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Kubernetes ≫ Csi Proxy Version <= 1.1.2

Kubernetes ≫ Csi Proxy Version2.0.0 Updatealpha0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.76%	0.876

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jordan@liggitt.net	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/kubernetes/kubernetes/issues/119594

Vendor Advisory

Issue Tracking

https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ

Mailing List

https://security.netapp.com/advisory/ntap-20231221-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3893

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3893

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3893

EUVD