Vulnerability Description
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | < 1.24.17 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/kubernetes/kubernetes/issues/119595ExploitMitigationPatch
- https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83ETechnical Description
- https://security.netapp.com/advisory/ntap-20231221-0002/
- https://github.com/kubernetes/kubernetes/issues/119595ExploitMitigationPatch
- https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83ETechnical Description
- https://security.netapp.com/advisory/ntap-20231221-0002/
FAQ
What is CVE-2023-3955?
CVE-2023-3955 is a vulnerability with a CVSS score of 8.8 (HIGH). A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if ...
How severe is CVE-2023-3955?
CVE-2023-3955 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3955?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Kubernetes, Microsoft Windows.