First published: Wed Oct 04 2023
A flaw was discovered in the node restriction admission plugin of the Kubernetes API server in OpenShift. It could allow workloads to be steered from the control plane and etcd nodes onto a different worker node, and an attacker to gain higher credentials on the cluster.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenShift Container Platform | =4.11 | |
OpenShift Container Platform | =4.12 | |
OpenShift Container Platform | =4.13 | |
OpenShift Container Platform | =4.14 | |
CVE-2023-5408 is a privilege escalation vulnerability in the node restriction admission plugin of the Kubernetes API server of OpenShift.
CVE-2023-5408 allows a remote attacker to modify the node role label, potentially steering workloads onto different worker nodes and gaining broader access to the cluster.
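Because the flaw turns on a node's role label being changed, one defensive check is to compare the live `node-role.kubernetes.io/*` labels of every node with a trusted inventory and report any drift, such as a worker that has acquired a control-plane label. The script below is an added example, not code from this page, Red Hat or the OpenShift project; the expected inventory and the node list are constructed, and the node list mirrors the shape of `kubectl get nodes -o json` so the same JSON can be piped in on a real cluster.

```python
"""Audit Kubernetes node role labels against an expected inventory.

Added example, not from the original page or from Red Hat/OpenShift.
Input is the node list shape produced by `kubectl get nodes -o json`
(items with metadata.name and metadata.labels); the sample below is
constructed for illustration.
"""
import json
import sys
from typing import Dict, List, Set

ROLE_PREFIX = "node-role.kubernetes.io/"

# Constructed expected inventory: node name -> roles it is supposed to carry.
EXPECTED_ROLES: Dict[str, Set[str]] = {
    "master-0": {"master", "control-plane"},
    "worker-0": {"worker"},
    "worker-1": {"worker"},
}

# Constructed sample in the shape of `kubectl get nodes -o json`.
SAMPLE_NODE_LIST = {
    "items": [
        {"metadata": {"name": "master-0", "labels": {
            "node-role.kubernetes.io/master": "",
            "node-role.kubernetes.io/control-plane": ""}}},
        {"metadata": {"name": "worker-0", "labels": {
            "node-role.kubernetes.io/worker": ""}}},
        # worker-1 carries a control-plane role label it should not have.
        {"metadata": {"name": "worker-1", "labels": {
            "node-role.kubernetes.io/worker": "",
            "node-role.kubernetes.io/control-plane": ""}}},
    ]
}


def roles_of(node: dict) -> Set[str]:
    """Return the role names encoded in a node's node-role.kubernetes.io/* labels."""
    labels = node.get("metadata", {}).get("labels", {}) or {}
    return {k[len(ROLE_PREFIX):] for k in labels if k.startswith(ROLE_PREFIX)}


def audit_node_roles(node_list: dict, expected: Dict[str, Set[str]]) -> List[str]:
    """Compare live role labels with the inventory; return sorted findings."""
    findings: List[str] = []
    seen: Set[str] = set()
    for node in node_list.get("items", []):
        name = node["metadata"]["name"]
        seen.add(name)
        actual = roles_of(node)
        if name not in expected:
            findings.append(f"{name}: not in inventory (roles: {sorted(actual)})")
            continue
        extra = actual - expected[name]
        missing = expected[name] - actual
        if extra:
            findings.append(f"{name}: unexpected role label(s) {sorted(extra)}")
        if missing:
            findings.append(f"{name}: missing role label(s) {sorted(missing)}")
    for name in expected.keys() - seen:
        findings.append(f"{name}: in inventory but absent from cluster")
    return sorted(findings)


if __name__ == "__main__":
    # Use real cluster output when piped in, otherwise the constructed sample.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_NODE_LIST
    for finding in audit_node_roles(data, EXPECTED_ROLES):
        print(finding)
```

Run it as `kubectl get nodes -o json | python audit_node_roles.py` with the inventory replaced by the cluster's own; any node whose role labels differ from the inventory is printed, and an empty output means the labels match.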
CVE-2023-5408 has a severity rating of 8.2 (high).
To fix CVE-2023-5408, you should apply the provided security patch from Red Hat and update your OpenShift Container Platform to version 4.13.
You can find more information about CVE-2023-5408 in the Red Hat Security Advisory (RHSA-2023:6130) and the associated CVE-2023-5408 and Bugzilla links.