8.8
CVE-2023-5528
- EPSS 20.32%
- Published 14.11.2023 21:15:14
- Last modified 03.01.2025 19:42:12
- Source jordan@liggitt.net
- Teams watchlist Login
- Open Login
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
Data is provided by the National Vulnerability Database (NVD)
Kubernetes ≫ Kubernetes Version >= 1.8.0 < 1.25.16
Kubernetes ≫ Kubernetes Version >= 1.26.0 < 1.26.11
Kubernetes ≫ Kubernetes Version >= 1.27.0 < 1.27.8
Kubernetes ≫ Kubernetes Version >= 1.28.0 < 1.28.4
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.32% | 0.953 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| jordan@liggitt.net | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.