A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
References
Link | Resource |
---|---|
https://github.com/kubernetes/kubernetes/issues/119339 | Exploit Mitigation Patch Third Party Advisory |
https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20231130-0007/ |
Configurations
Configuration 1 (hide)
AND |
|
History
30 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Nov 2023, 18:42
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc - Third Party Advisory | |
References | (MISC) https://github.com/kubernetes/kubernetes/issues/119339 - Exploit, Mitigation, Patch, Third Party Advisory | |
First Time |
Kubernetes kubernetes
Kubernetes Microsoft windows Microsoft |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* |
|
CWE | CWE-20 |
31 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-31 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3676
Mitre link : CVE-2023-3676
CVE.ORG link : CVE-2023-3676
JSON object : View
Products Affected
microsoft
- windows
kubernetes
- kubernetes
CWE
CWE-20
Improper Input Validation