Bug 2227126 (CVE-2023-3676)

Summary: CVE-2023-3676 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
Product: [Other] Security Response
Reporter: Avinash Hanwate <ahanwate>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: dfreiber, jburrell, rogbas, rteague, security-response-team, vkumar
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2227127

Description Avinash Hanwate 2023-07-28 04:46:13 UTC
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Any Kubernetes environment with Windows nodes is impacted. Run kubectl get nodes -l kubernetes.io/os=windows to see if any Windows nodes are in use.
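The scoping check in the description, turned into a small triage script. This is an added example and not part of the Bugzilla entry or of Kubernetes itself; it assumes node listing text in the shape produced by kubectl get nodes -L kubernetes.io/os --no-headers (NAME STATUS ROLES AGE VERSION and the label value as the sixth column), and the node listing embedded below is a constructed sample so that the script runs offline.

```shell
#!/bin/sh
# Added example (not from the Bugzilla entry or the Kubernetes project).
# A cluster is in scope for CVE-2023-3676 only if it has nodes labelled
# kubernetes.io/os=windows, which is exactly what the description says to check.
# Input format assumed: kubectl get nodes -L kubernetes.io/os --no-headers
#   NAME  STATUS  ROLES  AGE  VERSION  OS
# The listing below is CONSTRUCTED sample data, not output from a real cluster.
SAMPLE_NODES='cp-1      Ready     control-plane   30d   v1.27.3   linux
worker-1  Ready     <none>          30d   v1.27.3   linux
win-1     Ready     <none>          12d   v1.27.3   windows
win-2     NotReady  <none>          2d    v1.27.3   windows'

# Print the names of nodes whose kubernetes.io/os label is "windows", one per line.
windows_node_names() {
    awk '$6 == "windows" { print $1 }'
}

# Count the Windows nodes in the listing read from stdin.
count_windows_nodes() {
    windows_node_names | wc -l | tr -d ' '
}

# Exit 0 (true) when at least one Windows node is present, 1 otherwise.
cluster_in_scope() {
    n=$(count_windows_nodes)
    [ "$n" -gt 0 ]
}

# Live use against a real cluster:
#   kubectl get nodes -L kubernetes.io/os --no-headers | cluster_in_scope
if [ "${1:-}" = "--demo" ]; then
    if printf '%s\n' "$SAMPLE_NODES" | cluster_in_scope; then
        echo "Windows nodes present; cluster is in scope for CVE-2023-3676:"
        printf '%s\n' "$SAMPLE_NODES" | windows_node_names
    else
        echo "No Windows nodes; CVE-2023-3676 does not apply to this cluster."
    fi
fi
```

Run it with --demo to see the verdict on the sample listing; pipe real kubectl output into cluster_in_scope to triage an actual cluster. A NotReady Windows node still counts, since the node's membership in the cluster, not its current health, is what determines exposure.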

Comment 3 errata-xmlrpc 2023-08-28 15:26:48 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:4777 https://access.redhat.com/errata/RHSA-2023:4777

Comment 4 errata-xmlrpc 2023-08-28 17:53:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:4780 https://access.redhat.com/errata/RHSA-2023:4780

Comment 5 errata-xmlrpc 2023-08-29 09:24:54 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2023:4835 https://access.redhat.com/errata/RHSA-2023:4835

Comment 6 errata-xmlrpc 2023-08-30 16:34:23 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:4885 https://access.redhat.com/errata/RHSA-2023:4885

Comment 7 errata-xmlrpc 2023-11-27 16:08:38 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:7515 https://access.redhat.com/errata/RHSA-2023:7515