Vulnerability Description
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | >= 1.8.0, < 1.25.16 |
| Microsoft | Windows | - |
| Fedoraproject | Fedora | 37 |
Related Weaknesses (CWE)
References
- https://github.com/kubernetes/kubernetes/issues/121879Issue TrackingPatch
- https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzAMailing List
- https://github.com/kubernetes/kubernetes/issues/121879Issue TrackingPatch
- https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzAMailing List
- https://lists.fedoraproject.org/archives/list/[email protected]PatchRelease Notes
- https://lists.fedoraproject.org/archives/list/[email protected]PatchRelease Notes
- https://lists.fedoraproject.org/archives/list/[email protected]PatchRelease Notes
- https://security.netapp.com/advisory/ntap-20240119-0009/Third Party Advisory
FAQ
What is CVE-2023-5528?
CVE-2023-5528 is a vulnerability with a CVSS score of 7.2 (HIGH). A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters ...
How severe is CVE-2023-5528?
CVE-2023-5528 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5528?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Kubernetes, Microsoft Windows, Fedoraproject Fedora.