Security Issue in Kubernetes Clusters Affecting Admin Privileges
CVE-2023-5528
Key Information:
- Vendor: Kubernetes
- Status: Vendor
- CVE Published: 14 November 2023
Summary
A security issue has been discovered in Kubernetes that allows a user who can create pods and persistent volumes on Windows nodes to escalate to admin privileges on those nodes. The vulnerability has a low probability of impact due to the relatively limited usage of Windows nodes and in-tree storage plugins. It can be mitigated by updating the kubelet to specific versions and by monitoring audit logs for suspicious activity. The severity of the vulnerability highlights the ongoing security challenges facing Kubernetes environments. The material includes details on how the vulnerability works and potential mitigations, and it emphasizes the importance of maintaining rigorous security practices and promptly addressing identified threats.
Affected Version(s)
kubelet v1.28.0
kubelet v1.27.0
News Articles

Kubernetes CVE for Windows 2023 | CVE-2023-5528
This is the second Kubernetes CVE on Windows endpoints related to storage variables this year; though rated high, this has a low probability of impact

CVE-2023-5528: your Kubernetes cluster is exposed to remote code execution
Update your systems before it is too late.

EPSS Score
12% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by CybersecurityNews
- Vulnerability published
- Vulnerability Reserved