PT-2023-4576 · Unknown+2 · Kubernetes+1

James Sturtevant

Published

2023-08-23

Updated

2024-12-18

CVE-2023-3955

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Kubernetes (affected versions not specified)

Description A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-269

Related Identifiers

ALT-PU-2023-6188

ALT-PU-2023-6420

BDU:2023-04983

CVE-2023-3955

GHSA-Q78C-GWQW-JCMC

GO-2023-2170

OPENSUSE-SU-2024:14599-1

Affected Products

Alt Linux

Kubernetes

PT-2023-4576 · Unknown+2 · Kubernetes+1

CVE-2023-3955

Weakness Enumeration

Related Identifiers

Affected Products

References · 75