CVE-2023-5408 HIGH

CVE-2023-5408: Openshift: modification of node role labels

Weakness CWE-269
Published November 2, 2023
Last update November 7, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

Key dates

02Disclosure timeline

November 2, 2023 CVE published
November 7, 2025 Record updated

Related vulnerabilities

04Related CVE