First published: Fri Jul 28 2023
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Credit: jordan@liggitt.net
Affected Software | Affected Version | How to fix |
---|---|---|
go/k8s.io/kubernetes | <1.24.17 | 1.24.17 |
go/k8s.io/kubernetes | >=1.25.0, <1.25.13 | 1.25.13 |
go/k8s.io/kubernetes | >=1.26.0, <1.26.8 | 1.26.8 |
go/k8s.io/kubernetes | >=1.27.0, <1.27.5 | 1.27.5 |
go/k8s.io/kubernetes | =1.28.0 | 1.28.1 |
Kubernetes Kubernetes | <1.24.17 | |
Kubernetes Kubernetes | >=1.25.0, <1.25.13 | |
Kubernetes Kubernetes | >=1.26.0, <1.26.8 | |
Kubernetes Kubernetes | >=1.27.0, <1.27.5 | |
Kubernetes Kubernetes | >=1.28.0, <1.28.1 | |
Microsoft Windows | all versions, only in combination with one of the Kubernetes versions above | |
CVE-2023-3676 is a vulnerability in Kubernetes that allows a user with the ability to create pods on Windows nodes to escalate to admin privileges on those nodes.
CVE-2023-3676 only affects Kubernetes clusters that include Windows nodes.
CVE-2023-3676 has a severity rating of 8.8 (High).
To fix CVE-2023-3676, update Kubernetes to a fixed release for the minor version in use, as listed in the table above.
You can find more information about CVE-2023-3676 in the following references:

1. [Red Hat Security Advisory RHSA-2023:4777](https://access.redhat.com/errata/RHSA-2023:4777)
2. [Red Hat Security Advisory RHSA-2023:4780](https://access.redhat.com/errata/RHSA-2023:4780)
3. [Red Hat Security Advisory RHSA-2023:4835](https://access.redhat.com/errata/RHSA-2023:4835)