CVE-2023-5528

Name of the Vulnerable Software and Affected Versions Kubernetes versions prior to 1.28.4 Kubernetes versions prior to 1.27.8 Kubernetes versions prior to 1.26.11 Kubernetes versions prior to 1.25.16

Description A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. The vulnerability is related to insufficient input validation in the in-tree storage plugin for Windows nodes, which can lead to remote code execution with SYSTEM privileges on Windows endpoints. This issue affects Kubernetes clusters that use an in-tree storage plugin for Windows nodes.

Recommendations For Kubernetes versions prior to 1.28.4, update to version 1.28.4 or later. For Kubernetes versions prior to 1.27.8, update to version 1.27.8 or later. For Kubernetes versions prior to 1.26.11, update to version 1.26.11 or later. For Kubernetes versions prior to 1.25.16, update to version 1.25.16 or later. As a temporary workaround, consider restricting access to the in-tree storage plugin for Windows nodes until a patch is available.