CVE-2023-3955

Improper Input Validation in go/github.com/kubernetes/client-go

Identifiers

CVE-2023-3955

Package Slug

go/github.com/kubernetes/client-go

Vulnerability

Improper Input Validation

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected Versions

All versions before 1.24.17, all versions starting from 1.25.0 before 1.25.13, all versions starting from 1.26.0 before 1.26.8, all versions starting from 1.27.0 before 1.27.5, all versions starting from 1.28.0 before 1.28.1

Solution

Upgrade to versions 1.24.17, 1.25.13, 1.26.8, 1.27.5, 1.28.1 or above.

Last Modified

2023-11-09

source