Kubernetes privilege escalation vulnerability

GHSA-7fxm-f474-hf8w · CVE-2023-3676 · GO-2023-2330

Published Oct 31, 2023 · Modified Feb 4, 2026

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-3676
WEB https://github.com/kubernetes/kubernetes/issues/119339
WEB https://github.com/kubernetes/kubernetes/pull/120127
WEB https://github.com/kubernetes/kubernetes/pull/120129
WEB https://github.com/kubernetes/kubernetes/pull/120130
WEB https://github.com/kubernetes/kubernetes/pull/120131
WEB https://github.com/kubernetes/kubernetes/pull/120132
WEB https://github.com/kubernetes/kubernetes/pull/120133
WEB https://github.com/kubernetes/kubernetes/commit/073f9ea33a93ddaecdc2e829150fb715f6387399
WEB https://github.com/kubernetes/kubernetes/commit/39cc101c7855341c651a943b9836b50fbace8a6b
WEB https://github.com/kubernetes/kubernetes/commit/74b617310c24ca84c2ec90c3858af745d65b5226
WEB https://github.com/kubernetes/kubernetes/commit/890483394221c8f22e88c48f86cd4eaf4de65fd6
WEB https://github.com/kubernetes/kubernetes/commit/a53faf5e17ed0b0771a605c6401ba4cbf297b59a
PACKAGE https://github.com/kubernetes/kubernetes
WEB https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc
WEB https://security.netapp.com/advisory/ntap-20231130-0007

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes