Kubernetes - csi-proxy - Insufficient input sanitization leads to privilege escalation
CVE-2023-3893
8.8HIGH
What is CVE-2023-3893?
A security flaw has been identified in Kubernetes affecting environments where Windows nodes are running the kubernetes-csi-proxy. Specifically, users with the capability to create pods may exploit this vulnerability to escalate their privileges to admin-level access on the affected nodes. This issue emphasizes the need for diligent monitoring and management of permissions within Kubernetes clusters hosting Windows components.
Affected Version(s)
csi-proxy v2.0.0-alpha.0
csi-proxy 0
csi-proxy v2.0.0-alpha.1