CVE-2023-3955 HIGH

CVE-2023-3955: Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation

Vendor Kubernetes

Product kubelet

Weakness CWE-20 · Input validation

Published October 31, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Key dates

02Disclosure timeline

October 31, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3955

Related vulnerabilities

Identifiers

CVE CVE-2023-3955

CWE CWE-20

CVSS 8.8 / HIGH

Affected versions

Vendor Kubernetes

Product kubelet

Affected v1.28.0

Vendor Kubernetes

Product kubelet

Affected ≥ v1.27.0 and ≤ v1.27.4

Vendor Kubernetes

Product kubelet

Affected ≥ v1.26.0 and ≤ v1.26.7

Vendor Kubernetes

Product kubelet

Affected ≥ v1.25.0 and ≤ v1.25.12

Vendor Kubernetes

Product kubelet

Affected ≤ v1.24.16

CVE-2023-3955: Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation

01Description

02Disclosure timeline

03References

04Related CVE