CVE-2023-3955
HIGH
Kubernetes < 1.24.17 and 1.28.0 - Privilege Escalation via Windows Pod Creation
Title source: llm
Description
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
References (3)
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231221-0002/
Exploit, Mitigation, Patch, Third Party Advisory issue-tracking
https://github.com/kubernetes/kubernetes/issues/119595
Technical Description mailing-list
https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
Scores
CVSS v3
8.8
EPSS
0.0339
EPSS Percentile
87.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (2)
k8s.io/kubernetes
1.28.0 - 1.28.1 (Go)
kubernetes/kubernetes
< 1.24.17
Published
Oct 31, 2023
Tracked Since
Feb 18, 2026