8.8
CVE-2023-5528
- EPSS 20.32%
- Veröffentlicht 14.11.2023 21:15:14
- Zuletzt bearbeitet 03.01.2025 19:42:12
- Quelle jordan@liggitt.net
- Teams Watchlist Login
- Unerledigt Login
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kubernetes ≫ Kubernetes Version >= 1.8.0 < 1.25.16
Kubernetes ≫ Kubernetes Version >= 1.26.0 < 1.26.11
Kubernetes ≫ Kubernetes Version >= 1.27.0 < 1.27.8
Kubernetes ≫ Kubernetes Version >= 1.28.0 < 1.28.4
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.32% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| jordan@liggitt.net | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.