CVE-2023-5528

Summary

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Affected Software

VendorProductVersion RangeStatus
Kuberneteskubeletv1.28.0 <= v1.28.3affected
Kuberneteskubeletv1.27.0 <= v1.27.7affected
Kuberneteskubeletv1.26.0 <= v1.26.10affected
Kuberneteskubelet0 <= v1.25.15affected
Kuberneteskubeletv1.28.4unaffected
Kuberneteskubeletv1.27.8unaffected
Kuberneteskubeletv1.26.11unaffected
Kuberneteskubeletv1.25.16unaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References