CVE-2023-3676: Improper Input Validation

October 31, 2023 (updated November 30, 2023)

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

References

github.com/kubernetes/kubernetes/issues/119339
groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc
nvd.nist.gov/vuln/detail/CVE-2023-3676

Detect and mitigate CVE-2023-3676 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →