CVE-2023-5528

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/121879	Issue Tracking Patch
https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA	Mailing List
https://github.com/kubernetes/kubernetes/issues/121879	Issue Tracking Patch
https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA	Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/	Patch Release Notes
https://lists.fedoraproject.org/archives/list/[email protected]/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/	Patch Release Notes
https://lists.fedoraproject.org/archives/list/[email protected]/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/	Patch Release Notes
https://security.netapp.com/advisory/ntap-20240119-0009/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

History

No history.

Information

Published : 2023-11-14 21:15

Updated : 2025-01-03 19:42

NVD link : CVE-2023-5528

Mitre link : CVE-2023-5528

CVE.ORG link : CVE-2023-5528

JSON object : View

Products Affected

microsoft

windows

kubernetes

kubernetes

fedoraproject

fedora

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2023-5528", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-11-14T21:15:14.123", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/121879", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA", "tags": ["Mailing List"], "source": "[email protected]"}, {"url": "https://github.com/kubernetes/kubernetes/issues/121879", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/", "tags": ["Patch", "Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/", "tags": ["Patch", "Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/", "tags": ["Patch", "Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0009/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que puede crear pods y vol\u00famenes persistentes en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si utilizan un complemento de almacenamiento en \u00e1rbol para nodos de Windows."}], "lastModified": "2025-01-03T19:42:12.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25FFBC6E-DCE9-4596-8ABE-AC6B6564AA40", "versionEndExcluding": "1.25.16", "versionStartIncluding": "1.8.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28E3CB24-4305-4E08-AD34-D29AE795FA4A", "versionEndExcluding": "1.26.11", "versionStartIncluding": "1.26.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45E6B088-8FC7-476A-A661-A9402F857C4A", "versionEndExcluding": "1.27.8", "versionStartIncluding": "1.27.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C9231AD-C3B9-4531-9052-0317AA506B0B", "versionEndExcluding": "1.28.4", "versionStartIncluding": "1.28.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}