CVE-2023-5408
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4.11 | v4.11.0-202311211130.p0.g7021090.assembly.stream < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | v4.12.0-202311021630.p0.gfe5e2a1.assembly.stream < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | v4.13.0-202310210425.p0.gd525f5d.assembly.stream < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | v4.14.0-202310201027.p0.g8b38d12.assembly.stream < * | unaffected |
Weaknesses
- CWE-269: Improper Privilege Management
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:5006
- https://access.redhat.com/errata/RHSA-2023:6130
- https://access.redhat.com/errata/RHSA-2023:6842
- https://access.redhat.com/errata/RHSA-2023:7479
- https://access.redhat.com/security/cve/CVE-2023-5408
- https://bugzilla.redhat.com/show_bug.cgi?id=2242173
- https://github.com/openshift/kubernetes/pull/1736
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2023:5006
- https://access.redhat.com/errata/RHSA-2023:6130
- https://access.redhat.com/errata/RHSA-2023:6842
- https://access.redhat.com/errata/RHSA-2023:7479
- https://access.redhat.com/security/cve/CVE-2023-5408
- https://bugzilla.redhat.com/show_bug.cgi?id=2242173
- https://github.com/openshift/kubernetes/pull/1736
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.