CVE-2023-3676
HIGH
kubernetes <1.24.17, >=1.28.0 <1.28.1 - Privilege Escalation via Windows Pod Creation
Title source: llm
Description
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
References (3)
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231130-0007/
Exploit, Mitigation, Patch, Third Party Advisory issue-tracking
https://github.com/kubernetes/kubernetes/issues/119339
Third Party Advisory mailing-list
https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc
Scores
CVSS v3: 8.8
EPSS: 0.1167
EPSS Percentile: 95.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-20
Status: published
Products (2)
k8s.io/kubernetes
1.28.0 - 1.28.1 (Go)
kubernetes/kubernetes
< 1.24.17
Published: Oct 31, 2023
Tracked Since: Feb 18, 2026