CVE-2023-3955

Exploit

EPSS 0.79%
Published 31.10.2023 21:15:08
Last modified 13.02.2025 17:17:00
Source jordan@liggitt.net
Teams watchlist Login
Open Login

A security issue was discovered in Kubernetes where a user
 that can create pods on Windows nodes may be able to escalate to admin 
privileges on those nodes. Kubernetes clusters are only affected if they
 include Windows nodes.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Kubernetes ≫ Kubernetes Version < 1.24.17

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.25.0 < 1.25.13

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.26.0 < 1.26.8

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.27.0 < 1.27.5

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.28.0 < 1.28.1

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.79%	0.73

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jordan@liggitt.net	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/kubernetes/kubernetes/issues/119595

Patch

Third Party Advisory

Exploit

Mitigation

https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E

Technical Description

https://security.netapp.com/advisory/ntap-20231221-0002/

https://nvd.nist.gov/vuln/detail/CVE-2023-3955

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3955

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3955

EUVD