Home > Vulnerability Database > CVE-2023-5528

Mend.io Vulnerability Database

CVE-2023-5528

Good to know:

Date: November 14, 2023

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Language: Go

Severity Score

7.2

Related Resources (19)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-5528

Url: https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ

Url: https://github.com/advisories/GHSA-hq6q-c2x6-hmch

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/

Url: https://security.netapp.com/advisory/ntap-20240119-0009

Url: https://github.com/kubernetes/kubernetes

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/

Url: https://github.com/kubernetes/kubernetes/issues/121879

Url: https://github.com/kubernetes/kubernetes/pull/121885

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7

Url: https://github.com/kubernetes/kubernetes/pull/121884

Url: https://github.com/kubernetes/kubernetes/pull/121883

Url: https://security.netapp.com/advisory/ntap-20240119-0009/

Url: https://github.com/kubernetes/kubernetes/pull/121882

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/

Url: https://github.com/kubernetes/kubernetes/pull/121881

Url: https://www.mend.io/vulnerability-database/CVE-2023-5528

Severity Score

7.2

Weakness Type (CWE)

Improper Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version k8s.io/kubernetes - v1.28.4;k8s.io/kubernetes - v1.27.8;k8s.io/kubernetes - v1.26.11;k8s.io/kubernetes - v1.25.16

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-5528

Good to know:

Date: November 14, 2023

Language: Go

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?