cvelistv5 - cve-2023-3893

CVE-2023-3893 (GCVE-0-2023-3893)

Vulnerability from cvelistv5

Published

2023-11-03 17:34

Modified

2025-02-13 17:02

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Summary

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.

References

URL

	Vendor	Product	Version
	Kubernetes	csi-proxy	Version: v2.0.0-alpha.0 Version: 0 ≤ v1.1.2

WID-SEC-W-2023-2163

Vulnerability from csaf_certbund

Published

2023-08-23 22:00

Modified

2023-11-27 23:00

Summary

Kubernetes: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Kubernetes ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- UNIX - Linux - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Kubernetes ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2163 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2163.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2163 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2163"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7515 vom 2023-11-27",
        "url": "https://access.redhat.com/errata/RHSA-2023:7515"
      },
      {
        "category": "external",
        "summary": "akamai-security-research/PoCs vom 2023-09-14",
        "url": "https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2023-3676"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4885 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4885"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4835 vom 2023-08-29",
        "url": "https://access.redhat.com/errata/RHSA-2023:4835"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4777 vom 2023-08-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:4777"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4780 vom 2023-08-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:4780"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-8F8DDB2428 vom 2023-08-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-8f8ddb2428"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-A3FCC0751F vom 2023-08-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a3fcc0751f"
      },
      {
        "category": "external",
        "summary": "GitHub Issue Kubernetes 119595 vom 2023-08-23",
        "url": "https://github.com/kubernetes/kubernetes/issues/119595"
      },
      {
        "category": "external",
        "summary": "GitHub Issue Kubernetes 119594 vom 2023-08-23",
        "url": "https://github.com/kubernetes/kubernetes/issues/119594"
      },
      {
        "category": "external",
        "summary": "GitHub Issue Kubernetes 119339 vom 2023-08-23",
        "url": "https://github.com/kubernetes/kubernetes/issues/119339"
      }
    ],
    "source_lang": "en-US",
    "title": "Kubernetes: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-27T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:36.721+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2163",
      "initial_release_date": "2023-08-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-08-24T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-08-28T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-29T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-30T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-09-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2023-11-27T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.28.1",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.28.1",
                  "product_id": "T029521",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.28.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.27.5",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.27.5",
                  "product_id": "T029522",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.27.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.26.8",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.26.8",
                  "product_id": "T029523",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.26.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.25.13",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.25.13",
                  "product_id": "T029524",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.25.13"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.24.17",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.24.17",
                  "product_id": "T029525",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.24.17"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 2.0.0-alpha.1",
                "product": {
                  "name": "Open Source Kubernetes \u003c 2.0.0-alpha.1",
                  "product_id": "T029528",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:2.0.0-alpha.1:csi-proxy"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.1.3",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.1.3",
                  "product_id": "T029529",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.1.3:csi-proxy"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Kubernetes"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift",
                "product": {
                  "name": "Red Hat OpenShift",
                  "product_id": "367115",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.11",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.11",
                  "product_id": "T025990",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.11"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.12",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12",
                  "product_id": "T026435",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3955",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Kubernetes. Dieser Fehler besteht aufgrund einer unzureichenden Eingabenbereinigung auf Windows-Knoten. Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "367115",
          "T026435",
          "T025990",
          "74185"
        ]
      },
      "release_date": "2023-08-23T22:00:00.000+00:00",
      "title": "CVE-2023-3955"
    },
    {
      "cve": "CVE-2023-3893",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Kubernetes. Dieser Fehler besteht aufgrund einer unzureichenden Eingabenbereinigung auf kubernetes-csi-proxy. Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "367115",
          "T026435",
          "T025990",
          "74185"
        ]
      },
      "release_date": "2023-08-23T22:00:00.000+00:00",
      "title": "CVE-2023-3893"
    },
    {
      "cve": "CVE-2023-3676",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Kubernetes. Dieser Fehler besteht aufgrund einer unzureichenden Eingabenbereinigung auf Windows-Knoten. Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "367115",
          "T026435",
          "T025990",
          "74185"
        ]
      },
      "release_date": "2023-08-23T22:00:00.000+00:00",
      "title": "CVE-2023-3676"
    }
  ]
}

wid-sec-w-2023-2163

Vulnerability from csaf_certbund

Published

2023-08-23 22:00

Modified

2023-11-27 23:00

Summary

Kubernetes: Mehrere Schwachstellen

Notes

Produktbeschreibung

Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Kubernetes ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- UNIX - Linux - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Kubernetes ist ein Werkzeug zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Kubernetes ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2163 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2163.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2163 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2163"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7515 vom 2023-11-27",
        "url": "https://access.redhat.com/errata/RHSA-2023:7515"
      },
      {
        "category": "external",
        "summary": "akamai-security-research/PoCs vom 2023-09-14",
        "url": "https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2023-3676"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4885 vom 2023-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4885"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4835 vom 2023-08-29",
        "url": "https://access.redhat.com/errata/RHSA-2023:4835"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4777 vom 2023-08-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:4777"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4780 vom 2023-08-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:4780"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-8F8DDB2428 vom 2023-08-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-8f8ddb2428"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-A3FCC0751F vom 2023-08-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a3fcc0751f"
      },
      {
        "category": "external",
        "summary": "GitHub Issue Kubernetes 119595 vom 2023-08-23",
        "url": "https://github.com/kubernetes/kubernetes/issues/119595"
      },
      {
        "category": "external",
        "summary": "GitHub Issue Kubernetes 119594 vom 2023-08-23",
        "url": "https://github.com/kubernetes/kubernetes/issues/119594"
      },
      {
        "category": "external",
        "summary": "GitHub Issue Kubernetes 119339 vom 2023-08-23",
        "url": "https://github.com/kubernetes/kubernetes/issues/119339"
      }
    ],
    "source_lang": "en-US",
    "title": "Kubernetes: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-27T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:36.721+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2163",
      "initial_release_date": "2023-08-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-08-24T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-08-28T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-29T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-08-30T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-09-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2023-11-27T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.28.1",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.28.1",
                  "product_id": "T029521",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.28.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.27.5",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.27.5",
                  "product_id": "T029522",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.27.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.26.8",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.26.8",
                  "product_id": "T029523",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.26.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.25.13",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.25.13",
                  "product_id": "T029524",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.25.13"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.24.17",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.24.17",
                  "product_id": "T029525",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.24.17"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 2.0.0-alpha.1",
                "product": {
                  "name": "Open Source Kubernetes \u003c 2.0.0-alpha.1",
                  "product_id": "T029528",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:2.0.0-alpha.1:csi-proxy"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Kubernetes \u003c 1.1.3",
                "product": {
                  "name": "Open Source Kubernetes \u003c 1.1.3",
                  "product_id": "T029529",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:kubernetes:kubernetes:1.1.3:csi-proxy"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Kubernetes"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift",
                "product": {
                  "name": "Red Hat OpenShift",
                  "product_id": "367115",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.11",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.11",
                  "product_id": "T025990",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.11"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.12",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12",
                  "product_id": "T026435",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3955",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Kubernetes. Dieser Fehler besteht aufgrund einer unzureichenden Eingabenbereinigung auf Windows-Knoten. Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "367115",
          "T026435",
          "T025990",
          "74185"
        ]
      },
      "release_date": "2023-08-23T22:00:00.000+00:00",
      "title": "CVE-2023-3955"
    },
    {
      "cve": "CVE-2023-3893",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Kubernetes. Dieser Fehler besteht aufgrund einer unzureichenden Eingabenbereinigung auf kubernetes-csi-proxy. Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "367115",
          "T026435",
          "T025990",
          "74185"
        ]
      },
      "release_date": "2023-08-23T22:00:00.000+00:00",
      "title": "CVE-2023-3893"
    },
    {
      "cve": "CVE-2023-3676",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Kubernetes. Dieser Fehler besteht aufgrund einer unzureichenden Eingabenbereinigung auf Windows-Knoten. Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "367115",
          "T026435",
          "T025990",
          "74185"
        ]
      },
      "release_date": "2023-08-23T22:00:00.000+00:00",
      "title": "CVE-2023-3676"
    }
  ]
}

gsd-2023-3893

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-3893

Aliases

CVE-2023-3893

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-3893",
    "id": "GSD-2023-3893"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-3893"
      ],
      "details": "A security issue was discovered in Kubernetes where a user that can \ncreate pods on Windows nodes running kubernetes-csi-proxy may be able to\n escalate to admin privileges on those nodes. Kubernetes clusters are \nonly affected if they include Windows nodes running \nkubernetes-csi-proxy.\n",
      "id": "GSD-2023-3893",
      "modified": "2023-12-13T01:20:55.286117Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@kubernetes.io",
        "ID": "CVE-2023-3893",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "csi-proxy",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "v2.0.0-alpha.0"
                              },
                              {
                                "lessThanOrEqual": "v1.1.2",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              },
                              {
                                "status": "unaffected",
                                "version": "v2.0.0-alpha.1"
                              },
                              {
                                "status": "unaffected",
                                "version": "v1.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Kubernetes"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "James Sturtevant"
        },
        {
          "lang": "en",
          "value": "Mark Rossetti"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security issue was discovered in Kubernetes where a user that can \ncreate pods on Windows nodes running kubernetes-csi-proxy may be able to\n escalate to admin privileges on those nodes. Kubernetes clusters are \nonly affected if they include Windows nodes running \nkubernetes-csi-proxy.\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/kubernetes/kubernetes/issues/119594",
            "refsource": "MISC",
            "url": "https://github.com/kubernetes/kubernetes/issues/119594"
          },
          {
            "name": "https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231221-0004/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231221-0004/"
          }
        ]
      },
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:kubernetes:csi_proxy:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1A1845E5-AD91-4083-8836-4C0E4547C5A4",
                    "versionEndIncluding": "1.1.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:kubernetes:csi_proxy:2.0.0:alpha0:*:*:*:*:*:*",
                    "matchCriteriaId": "2DE6A409-1AFC-4F71-B2C5-617DF484C393",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A security issue was discovered in Kubernetes where a user that can \ncreate pods on Windows nodes running kubernetes-csi-proxy may be able to\n escalate to admin privileges on those nodes. Kubernetes clusters are \nonly affected if they include Windows nodes running \nkubernetes-csi-proxy.\n"
          },
          {
            "lang": "es",
            "value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que puede crear pods en nodos de Windows que ejecutan kubernetes-csi-proxy puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si incluyen nodos de Windows que ejecutan kubernetes-csi-proxy."
          }
        ],
        "id": "CVE-2023-3893",
        "lastModified": "2023-12-21T22:15:14.160",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "jordan@liggitt.net",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-11-03T18:15:08.623",
        "references": [
          {
            "source": "jordan@liggitt.net",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://github.com/kubernetes/kubernetes/issues/119594"
          },
          {
            "source": "jordan@liggitt.net",
            "tags": [
              "Mailing List"
            ],
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ"
          },
          {
            "source": "jordan@liggitt.net",
            "url": "https://security.netapp.com/advisory/ntap-20231221-0004/"
          }
        ],
        "sourceIdentifier": "jordan@liggitt.net",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "jordan@liggitt.net",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

fkie_cve-2023-3893

Vulnerability from fkie_nvd

Published

2023-11-03 18:15

Modified

2025-08-01 02:05

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
jordan@liggitt.net	https://github.com/kubernetes/kubernetes/issues/119594	Issue Tracking, Vendor Advisory
jordan@liggitt.net	https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ	Mailing List
jordan@liggitt.net	https://security.netapp.com/advisory/ntap-20231221-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/kubernetes/kubernetes/issues/119594	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20231221-0004/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	kubernetes	csi_proxy	*
	kubernetes	csi_proxy	2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kubernetes:csi_proxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1845E5-AD91-4083-8836-4C0E4547C5A4",
              "versionEndIncluding": "1.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:csi_proxy:2.0.0:alpha0:*:*:*:*:*:*",
              "matchCriteriaId": "2DE6A409-1AFC-4F71-B2C5-617DF484C393",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security issue was discovered in Kubernetes where a user that can \ncreate pods on Windows nodes running kubernetes-csi-proxy may be able to\n escalate to admin privileges on those nodes. Kubernetes clusters are \nonly affected if they include Windows nodes running \nkubernetes-csi-proxy."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que puede crear pods en nodos de Windows que ejecutan kubernetes-csi-proxy puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si incluyen nodos de Windows que ejecutan kubernetes-csi-proxy."
    }
  ],
  "id": "CVE-2023-3893",
  "lastModified": "2025-08-01T02:05:13.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "jordan@liggitt.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-03T18:15:08.623",
  "references": [
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kubernetes/kubernetes/issues/119594"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Mailing List"
      ],
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20231221-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kubernetes/kubernetes/issues/119594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20231221-0004/"
    }
  ],
  "sourceIdentifier": "jordan@liggitt.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "jordan@liggitt.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-r6cc-7wj7-gfx2

Vulnerability from github

Published

2023-11-03 18:30

Modified

2025-07-09 15:32

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation

Details

Kubernetes is vulnerable to privilege escalation when a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes-csi/csi-proxy/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-alpha.0"
            },
            {
              "fixed": "2.0.0-alpha.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0-alpha.0"
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.2"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes-csi/csi-proxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.0-rc1"
            },
            {
              "fixed": "1.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes-csi/csi-proxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20230821192013-2523e6674ded"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes-csi/csi-proxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.3-0"
            },
            {
              "fixed": "1.1.3-0.20230821192013-2523e6674ded"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-3893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-03T20:42:49Z",
    "nvd_published_at": "2023-11-03T18:15:08Z",
    "severity": "HIGH"
  },
  "details": "Kubernetes is vulnerable to privilege escalation when a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.",
  "id": "GHSA-r6cc-7wj7-gfx2",
  "modified": "2025-07-09T15:32:55Z",
  "published": "2023-11-03T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3893"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/119594"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-csi/csi-proxy/commit/0e83a68159111e4ee510f5aa56d47ba97bda60c7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes-csi/csi-proxy/commit/2523e6674dedf3de27f84235efec28555da24664"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes-csi/csi-proxy"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231221-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-3893 (GCVE-0-2023-3893)

Vulnerability from cvelistv5

WID-SEC-W-2023-2163

Vulnerability from csaf_certbund

wid-sec-w-2023-2163

Vulnerability from csaf_certbund

gsd-2023-3893

Vulnerability from gsd

fkie_cve-2023-3893

Vulnerability from fkie_nvd

ghsa-r6cc-7wj7-gfx2

Vulnerability from github

Tags

Sightings

Nomenclature