CVE-2023-3955

Exploit

EPSS 0.79%
Veröffentlicht 31.10.2023 21:15:08
Zuletzt bearbeitet 13.02.2025 17:17:00
Quelle jordan@liggitt.net
Teams Watchlist Login
Unerledigt Login

A security issue was discovered in Kubernetes where a user
 that can create pods on Windows nodes may be able to escalate to admin 
privileges on those nodes. Kubernetes clusters are only affected if they
 include Windows nodes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kubernetes ≫ Kubernetes Version < 1.24.17

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.25.0 < 1.25.13

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.26.0 < 1.26.8

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.27.0 < 1.27.5

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.28.0 < 1.28.1

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.73

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jordan@liggitt.net	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/kubernetes/kubernetes/issues/119595

Patch

Third Party Advisory

Exploit

Mitigation

https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E

Technical Description

https://security.netapp.com/advisory/ntap-20231221-0002/

https://nvd.nist.gov/vuln/detail/CVE-2023-3955

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3955

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3955

EUVD