#VU83309 Permissions, Privileges, and Access Controls in Kubernetes - CVE-2023-5528
Vulnerability identifier: #VU83309
Vulnerability risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Kubernetes
Server applications /
Frameworks for developing and running applications
Vendor: Kubernetes
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A remote user with ability to create pods and persistent volumes on Windows nodes can obtain admin privileges on those nodes.
The vulnerability affects Kubernetes clusters only, if they are using an in-tree storage plugin for Windows nodes.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Kubernetes: 1.8.0 - 1.8.15, 1.9.0 - 1.9.11, 1.10.0 beta.1 - 1.19.16, 1.20.0 - 1.28.3
External links
https://github.com/kubernetes/kubernetes/issues/121879
https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
