CVE-2023-5528

Kubernetes Improper Input Validation vulnerability in go/k8s.io/kubernetes

Identifiers

GHSA-hq6q-c2x6-hmch, CVE-2023-5528

Package Slug

go/k8s.io/kubernetes

Vulnerability

Kubernetes Improper Input Validation vulnerability

Description

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Affected Versions

All versions before 1.25.16, all versions starting from 1.26.0 before 1.26.11, all versions starting from 1.27.0 before 1.27.8, all versions starting from 1.28.0 before 1.28.4

Solution

Upgrade to version 1.25.16, 1.26.11, 1.27.8, 1.28.4 or above.
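The following is an added example, not part of the advisory or of the Kubernetes project: a check that lists Windows nodes whose kubelet version falls in the affected ranges above. It assumes node data in the shape of `kubectl get nodes -o json`; the node names and the sample are constructed. It does not determine whether an in-tree storage plugin is in use, which the description gives as the condition for a cluster to be affected.

```python
import json
import re

# Fixed patch release per minor line, taken from "Affected Versions" above.
FIXED_PATCH = {(1, 25): 16, (1, 26): 11, (1, 27): 8, (1, 28): 4}

def parse_version(text):
    """Parse 'v1.27.3' or '1.27.3-build1' into (major, minor, patch).
    Any suffix after the patch number is ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version_text):
    major, minor, patch = parse_version(version_text)
    line = (major, minor)
    if line < (1, 25):
        return True                       # "all versions before 1.25.16"
    if line in FIXED_PATCH:
        return patch < FIXED_PATCH[line]  # below the fixed patch of its line
    return False                          # lines after 1.28 are not listed

def affected_windows_nodes(node_list):
    """Return (name, kubeletVersion) for Windows nodes in the affected ranges."""
    hits = []
    for node in node_list.get("items", []):
        info = node.get("status", {}).get("nodeInfo", {})
        if info.get("operatingSystem") != "windows":
            continue                      # the advisory concerns Windows nodes
        version = info.get("kubeletVersion", "")
        if is_affected(version):
            hits.append((node["metadata"]["name"], version))
    return hits

# Constructed sample in the shape of `kubectl get nodes -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "win-a"},
  "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.27.3"}}},
 {"metadata": {"name": "win-b"},
  "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.28.4"}}},
 {"metadata": {"name": "linux-a"},
  "status": {"nodeInfo": {"operatingSystem": "linux", "kubeletVersion": "v1.26.2"}}}
]}
""")

if __name__ == "__main__":
    for name, version in affected_windows_nodes(SAMPLE):
        print(f"{name}\t{version}\tin affected range")
```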

Last Modified

2023-11-16
