What is CVE-2023-3676?

CVE-2023-3676 is a vulnerability in Kubernetes that allows a user with the ability to create pods on Windows nodes to escalate to admin privileges on those nodes.

How does CVE-2023-3676 impact Kubernetes clusters?

CVE-2023-3676 only affects Kubernetes clusters that include Windows nodes.

What is the severity of CVE-2023-3676?

CVE-2023-3676 has a severity rating of 8.8 (High).

How can I fix CVE-2023-3676?

To fix CVE-2023-3676, it is recommended to update Kubernetes to a version that includes the necessary security patches.

Where can I find more information about CVE-2023-3676?

You can find more information about CVE-2023-3676 in the following references: 1. [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2023:4777) 2. [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2023:4780) 3. [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2023:4835)

Vulnerability/
CVE-2023-3676

high

8.8

CWE

28/7/2023

31/10/2023

2/8/2024

CVE-2023-3676: Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation

First published: Fri Jul 28 2023(Updated: )

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Credit: jordan@liggitt.net jordan@liggitt.net

Affected Software	Affected Version	How to fix
go/k8s.io/kubernetes	<1.24.17	1.24.17
go/k8s.io/kubernetes	>=1.25.0<1.25.13	1.25.13
go/k8s.io/kubernetes	>=1.26.0<1.26.8	1.26.8
go/k8s.io/kubernetes	>=1.27.0<1.27.5	1.27.5
go/k8s.io/kubernetes	=1.28.0	1.28.1
Kubernetes Kubernetes	<1.24.17
Kubernetes Kubernetes	>=1.25.0<1.25.13
Kubernetes Kubernetes	>=1.26.0<1.26.8
Kubernetes Kubernetes	>=1.27.0<1.27.5
Kubernetes Kubernetes	>=1.28.0<1.28.1
Microsoft Windows
All of
Any of
Kubernetes Kubernetes	<1.24.17
Kubernetes Kubernetes	>=1.25.0<1.25.13
Kubernetes Kubernetes	>=1.26.0<1.26.8
Kubernetes Kubernetes	>=1.27.0<1.27.5
Kubernetes Kubernetes	>=1.28.0<1.28.1
Microsoft Windows

Remedy

https://github.com/kubernetes/kubernetes/issues/119339

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-3676?
CVE-2023-3676 is a vulnerability in Kubernetes that allows a user with the ability to create pods on Windows nodes to escalate to admin privileges on those nodes.
How does CVE-2023-3676 impact Kubernetes clusters?
CVE-2023-3676 only affects Kubernetes clusters that include Windows nodes.
What is the severity of CVE-2023-3676?
CVE-2023-3676 has a severity rating of 8.8 (High).
How can I fix CVE-2023-3676?
To fix CVE-2023-3676, it is recommended to update Kubernetes to a version that includes the necessary security patches.
Where can I find more information about CVE-2023-3676?
You can find more information about CVE-2023-3676 in the following references: 1. [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2023:4777) 2. [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2023:4780) 3. [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2023:4835)

collector/oss-sec
alias/CVE-2023-3676
collector/github-advisory-latest
alias/GHSA-7fxm-f474-hf8w
collector/nvd-cve
collector/github-advisory
collector/nvd-api
agent/author
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
collector/redhat-bugzilla
source/Red Hat
agent/references
agent/tags
agent/severity
agent/remedy
agent/title
agent/event
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
package-manager/go
vendor/kubernetes
canonical/kubernetes kubernetes
version/kubernetes kubernetes/1.25.0
version/kubernetes kubernetes/1.26.0
version/kubernetes kubernetes/1.27.0
version/kubernetes kubernetes/1.28.0
vendor/microsoft
canonical/microsoft windows