{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5528", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2023-10-11T16:12:14.212Z", "datePublished": "2023-11-14T20:32:08.411Z", "dateUpdated": "2024-09-06T14:18:44.918Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "kubelet", "repo": "https://github.com/kubernetes/kubernetes", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "v1.28.3", "status": "affected", "version": "v1.28.0", "versionType": "semver"}, {"lessThanOrEqual": "v1.27.7", "status": "affected", "version": "v1.27.0", "versionType": "semver"}, {"lessThanOrEqual": "v1.26.10", "status": "affected", "version": "v1.26.0", "versionType": "semver"}, {"lessThanOrEqual": "v1.25.15", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "v1.28.4"}, {"status": "unaffected", "version": "v1.27.8"}, {"status": "unaffected", "version": "v1.26.11"}, {"status": "unaffected", "version": "v1.25.16"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomer Peled"}], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."}], "value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2024-09-06T14:18:44.918Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://github.com/kubernetes/kubernetes/issues/121879"}, {"tags": ["mailing-list"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"}], "source": {"discovery": "EXTERNAL"}, "title": "Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.808Z"}, "title": "CVE Program Container", "references": [{"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/121879"}, {"tags": ["mailing-list", "x_transferred"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0009/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "25FFBC6E-DCE9-4596-8ABE-AC6B6564AA40", "versionEndExcluding": "1.25.16", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "28E3CB24-4305-4E08-AD34-D29AE795FA4A", "versionEndExcluding": "1.26.11", "versionStartIncluding": "1.26.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "45E6B088-8FC7-476A-A661-A9402F857C4A", "versionEndExcluding": "1.27.8", "versionStartIncluding": "1.27.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C9231AD-C3B9-4531-9052-0317AA506B0B", "versionEndExcluding": "1.28.4", "versionStartIncluding": "1.28.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que puede crear pods y vol\u00famenes persistentes en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si utilizan un complemento de almacenamiento en \u00e1rbol para nodos de Windows."}], "id": "CVE-2023-5528", "lastModified": "2025-01-03T19:42:12.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T21:15:14.123", "references": [{"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/kubernetes/kubernetes/issues/121879"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/kubernetes/kubernetes/issues/121879"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240119-0009/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Tomer Peled for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:7662", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v6.0.3-8", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7662", "cpe": "cpe:/a:redhat:openshift:4.11::el8", "package": "openshift4-wincw/windows-machine-config-rhel8-operator:6.0.3-9", "product_name": "Red Hat OpenShift Container Platform 4.11", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7710", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v7.2.0-29", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2023:7710", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4-wincw/windows-machine-config-rhel8-operator:7.2.0-30", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2023:7709", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v8.1.1-7", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2023:7709", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4-wincw/windows-machine-config-rhel9-operator:8.1.1-6", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2024:1203", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v9.0.1-15", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-03-07T00:00:00Z"}, {"advisory": "RHSA-2024:1203", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4-wincw/windows-machine-config-rhel9-operator:9.0.1-16", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-03-07T00:00:00Z"}, {"advisory": "RHSA-2024:1203", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4/windows-machine-config-operator-bundle:v9.0.1-15", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-03-07T00:00:00Z"}, {"advisory": "RHSA-2024:0954", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v10.15.0-43", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}, {"advisory": "RHSA-2024:0954", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4-wincw/windows-machine-config-rhel9-operator:10.15.0-46", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-02-27T00:00:00Z"}], "bugzilla": {"description": "kubernetes: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes", "id": "2247163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247163"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.", "A flaw was found in Kubernetes, where a user who can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."], "name": "CVE-2023-5528", "public_date": "2023-11-14T16:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5528\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5528\nhttps://github.com/kubernetes/kubernetes/issues/121879"], "statement": "Any Kubernetes environment with Windows nodes is impacted. Run kubectl get nodes -l kubernetes.io/os=windows to see if any Windows nodes are in use. \nKubernetes audit logs can be used to detect if this vulnerability is being exploited. Persistent Volume create events with local path fields containing special characters, which are a strong indication of exploitation.", "threat_severity": "Important", "upstream_fix": "kubernetes 1.25.16, kubernetes 1.26.11, kubernetes 1.27.8, kubernetes 1.28.4"}