8.8
CVE-2023-3955
- EPSS 0.76%
- Veröffentlicht 31.10.2023 21:15:08
- Zuletzt bearbeitet 13.02.2025 17:17:00
- Quelle jordan@liggitt.net
- CVE-Watchlists
- Unerledigt
LoginKubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kubernetes ≫ Kubernetes Version < 1.24.17
Kubernetes ≫ Kubernetes Version >= 1.25.0 < 1.25.13
Kubernetes ≫ Kubernetes Version >= 1.26.0 < 1.26.8
Kubernetes ≫ Kubernetes Version >= 1.27.0 < 1.27.5
Kubernetes ≫ Kubernetes Version >= 1.28.0 < 1.28.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.729 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| jordan@liggitt.net | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.