github - ghsa-7fxm-f474-hf8w

ghsa-7fxm-f474-hf8w

Vulnerability from github

Published

2023-10-31 21:32

Modified

2025-02-13 19:20

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Kubernetes privilege escalation vulnerability

Details

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "Go",
            name: "k8s.io/kubernetes",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "1.28.0",
                  },
                  {
                     fixed: "1.28.1",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
         versions: [
            "1.28.0",
         ],
      },
      {
         package: {
            ecosystem: "Go",
            name: "k8s.io/kubernetes",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "1.27.0",
                  },
                  {
                     fixed: "1.27.5",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Go",
            name: "k8s.io/kubernetes",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "1.26.0",
                  },
                  {
                     fixed: "1.26.8",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Go",
            name: "k8s.io/kubernetes",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "1.25.0",
                  },
                  {
                     fixed: "1.25.13",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Go",
            name: "k8s.io/kubernetes",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "1.24.17",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2023-3676",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-20",
      ],
      github_reviewed: true,
      github_reviewed_at: "2023-11-01T14:36:22Z",
      nvd_published_at: "2023-10-31T21:15:08Z",
      severity: "HIGH",
   },
   details: "A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.",
   id: "GHSA-7fxm-f474-hf8w",
   modified: "2025-02-13T19:20:54Z",
   published: "2023-10-31T21:32:35Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3676",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/issues/119339",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/pull/120127",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/pull/120129",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/pull/120130",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/pull/120131",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/pull/120132",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/pull/120133",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/commit/073f9ea33a93ddaecdc2e829150fb715f6387399",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/commit/39cc101c7855341c651a943b9836b50fbace8a6b",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/commit/74b617310c24ca84c2ec90c3858af745d65b5226",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/commit/890483394221c8f22e88c48f86cd4eaf4de65fd6",
      },
      {
         type: "WEB",
         url: "https://github.com/kubernetes/kubernetes/commit/a53faf5e17ed0b0771a605c6401ba4cbf297b59a",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/kubernetes/kubernetes",
      },
      {
         type: "WEB",
         url: "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc",
      },
      {
         type: "WEB",
         url: "https://security.netapp.com/advisory/ntap-20231130-0007",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
   summary: "Kubernetes privilege escalation vulnerability",
}

cve-2023-3676

Vulnerability from cvelistv5

Published

2023-10-31 20:22

Modified

2025-02-27 20:38

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://github.com/kubernetes/kubernetes/issues/119339	issue-tracking
	https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc	mailing-list
	https://security.netapp.com/advisory/ntap-20231130-0007/

Impacted products

	Vendor	Product	Version
	Kubernetes	kubelet	Version: v1.28.0 Version: v1.27.0 ≤ v1.27.4 Version: v1.26.0 ≤ v1.26.7 Version: v1.25.0 ≤ v1.25.12 Version: 0 ≤ v1.24.16

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:01:57.315Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "issue-tracking",
                     "x_transferred",
                  ],
                  url: "https://github.com/kubernetes/kubernetes/issues/119339",
               },
               {
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231130-0007/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-3676",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-27T20:32:36.326293Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-27T20:38:37.768Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "kubelet",
               repo: "https://github.com/kubernetes/kubernetes",
               vendor: "Kubernetes",
               versions: [
                  {
                     status: "affected",
                     version: "v1.28.0",
                  },
                  {
                     lessThanOrEqual: "v1.27.4",
                     status: "affected",
                     version: "v1.27.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "v1.26.7",
                     status: "affected",
                     version: "v1.26.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "v1.25.12",
                     status: "affected",
                     version: "v1.25.0",
                     versionType: "semver",
                  },
                  {
                     status: "unaffected",
                     version: "v1.28.1",
                  },
                  {
                     status: "unaffected",
                     version: "v1.27.5",
                  },
                  {
                     status: "unaffected",
                     version: "v1.26.8",
                  },
                  {
                     status: "unaffected",
                     version: "v1.25.13",
                  },
                  {
                     status: "unaffected",
                     version: "v1.24.17",
                  },
                  {
                     lessThanOrEqual: "v1.24.16",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Tomer Peled",
            },
         ],
         datePublic: "2023-08-23T04:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.<br>",
                  },
               ],
               value: "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-233",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-233 Privilege Escalation",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-30T22:06:09.695Z",
            orgId: "a6081bf6-c852-4425-ad4f-a67919267565",
            shortName: "kubernetes",
         },
         references: [
            {
               tags: [
                  "issue-tracking",
               ],
               url: "https://github.com/kubernetes/kubernetes/issues/119339",
            },
            {
               tags: [
                  "mailing-list",
               ],
               url: "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231130-0007/",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565",
      assignerShortName: "kubernetes",
      cveId: "CVE-2023-3676",
      datePublished: "2023-10-31T20:22:53.620Z",
      dateReserved: "2023-07-14T16:06:03.399Z",
      dateUpdated: "2025-02-27T20:38:37.768Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted