Bug 2247163 (CVE-2023-5528)
Summary: | CVE-2023-5528 kubernetes: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | dfreiber, drow, jburrell, mcascell, rteague, security-response-team, ssoto, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kubernetes 1.25.16, kubernetes 1.26.11, kubernetes 1.27.8, kubernetes 1.28.4 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in Kubernetes, where a user who can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. |
Bug Blocks: | 2247165 |
Description
Avinash Hanwate
2023-10-31 03:36:39 UTC
Upstream issue: https://github.com/kubernetes/kubernetes/issues/121879

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.11
Via RHSA-2023:7662 https://access.redhat.com/errata/RHSA-2023:7662

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.12
Via RHSA-2023:7710 https://access.redhat.com/errata/RHSA-2023:7710

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.13
Via RHSA-2023:7709 https://access.redhat.com/errata/RHSA-2023:7709

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.15
Via RHSA-2024:0954 https://access.redhat.com/errata/RHSA-2024:0954

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.14
Via RHSA-2024:1203 https://access.redhat.com/errata/RHSA-2024:1203