CVE-2023-3955: Improper Input Validation

October 31, 2023 (updated December 21, 2023)

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

References

github.com/kubernetes/kubernetes/issues/119595
groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
nvd.nist.gov/vuln/detail/CVE-2023-3955

Code Behaviors & Features

Detect and mitigate CVE-2023-3955 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →