CVE-2023-3676

Aliases:GHSA-7fxm-f474-hf8wGO-2023-2330
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 31 Oct 2023, 20:22
Last modified:27 Feb 2025, 20:38

Vulnerability Summary

Overall Risk (default)
high
53/100
CVSS Score
8.8 HIGH
v3.1 (cve.org)
EPSS Score
40.74% HIGH
41% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

31 Oct 2023, 20:22
Published
Vulnerability first disclosed
27 Feb 2025, 20:38
Last Modified
Vulnerability information updated

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

CVSS Metrics

  • v3.1HIGHScore: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 40.74% Percentile: 97%

Techniques & Countermeasures

  • CWE-20Improper Input Validation

    The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

  • k8s.iokubernetes

    ≥ 1.27.0, < 1.27.5 | ≥ 1.26.0, < 1.26.8 | ≥ 1.25.0, < 1.25.13 | < 1.24.17 | ≥ 1.28.0, < 1.28.1

  • kuberneteskubelet

    v1.28.0 | ≥ v1.27.0, ≤ v1.27.4 | ≥ v1.26.0, ≤ v1.26.7 | ≥ v1.25.0, ≤ v1.25.12 | ≤ v1.24.16

  • kuberneteskubernetes

    < 1.24.17 | ≥ 1.25.0, < 1.25.13 | ≥ 1.26.0, < 1.26.8 | ≥ 1.27.0, < 1.27.5 | ≥ 1.28.0, < 1.28.1

References (18)