CVE-2023-3676

High

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

References

https://thecyberthrone.in/2024/03/16/kubernetes-command-injection-vulnerability-cve-2023-5529/

https://security.netapp.com/advisory/ntap-20231130-0007/

https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc

Details

Source: Mitre, NVD

Published: 2023-10-31

Updated: 2023-11-30

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High