CVE-2023-3676

Improper Input Validation in go/github.com/kubernetes/kubelet

Identifiers

CVE-2023-3676

Package Slug

go/github.com/kubernetes/kubelet

Vulnerability

Improper Input Validation

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected Versions

All versions before 1.24.17, all versions starting from 1.25.0 before 1.25.13, all versions starting from 1.26.0 before 1.26.8, all versions starting from 1.27.0 before 1.27.5, all versions starting from 1.28.0 before 1.28.1

Solution

Upgrade to versions 1.24.17, 1.25.13, 1.26.8, 1.27.5, 1.28.1 or above.

Last Modified

2023-11-09

source