CVE-2023-5528
HIGH
Kubernetes 1.8.0-1.25.15 and 1.28.0-1.28.3 - Privilege Escalation via Windows In-Tree Storage Plugin
Title source: llm
Description
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
References (6)
Core References
Patch, Release Notes
https://lists.fedoraproject.org/archives/list/[email protected]/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/
Patch, Release Notes
https://lists.fedoraproject.org/archives/list/[email protected]/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/
Patch, Release Notes
https://lists.fedoraproject.org/archives/list/[email protected]/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240119-0009/
Issue Tracking, Patch
https://github.com/kubernetes/kubernetes/issues/121879
Mailing List
https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
Scores
CVSS v3
7.2
EPSS
0.1985
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (5)
fedoraproject/fedora
37
fedoraproject/fedora
38
fedoraproject/fedora
39
k8s.io/kubernetes
1.28.0 - 1.28.4 (Go)
kubernetes/kubernetes
1.8.0 - 1.25.16
Published
Nov 14, 2023
Tracked Since
Feb 18, 2026