CVE-2023-3893

Summary

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.

Affected Software

VendorProductVersion RangeStatus
Kubernetescsi-proxyv2.0.0-alpha.0affected
Kubernetescsi-proxy0 <= v1.1.2affected
Kubernetescsi-proxyv2.0.0-alpha.1unaffected
Kubernetescsi-proxyv1.1.3unaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References