CVE-2023-5528

moderate-risk
Published 2023-11-14

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Do I need to act?

!
18.5% chance of exploitation in next 30 days
EPSS score — higher than 81% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Fedoraproject Kubernetes

References (8)

Issue Tracking https://github.com/kubernetes/kubernetes/issues/121879
Mailing List https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
Issue Tracking https://github.com/kubernetes/kubernetes/issues/121879
Mailing List https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
Patch https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Patch https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Patch https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory https://security.netapp.com/advisory/ntap-20240119-0009/
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 13/34 · Low
Exposure 10/34 · Low