A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
References
Link | Resource |
---|---|
https://github.com/kubernetes/kubernetes/issues/119595 | Exploit Mitigation Patch Third Party Advisory |
https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E | Technical Description |
https://security.netapp.com/advisory/ntap-20231221-0002/ |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Dec 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Nov 2023, 18:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* |
|
References | (MISC) https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E - Technical Description | |
References | (MISC) https://github.com/kubernetes/kubernetes/issues/119595 - Exploit, Mitigation, Patch, Third Party Advisory | |
CWE | CWE-20 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Kubernetes kubernetes
Kubernetes Microsoft windows Microsoft |
31 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-31 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3955
Mitre link : CVE-2023-3955
CVE.ORG link : CVE-2023-3955
JSON object : View
Products Affected
microsoft
- windows
kubernetes
- kubernetes
CWE
CWE-20
Improper Input Validation