CVE-2023-3676

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

References

Affected packages

Git / github.com/kubernetes/kubernetes

Affected ranges

Type

GIT

Repo

https://github.com/kubernetes/kubernetes

Events

Introduced

Fixed

22a9682c8fe855c321be75c5faacde343f909b04

Introduced

a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2

Fixed

5244794d27b4cc68290bc496b00e248857ac8b47

Introduced

b46a3f887ca979b1a5d14fd39cb1af43e7e5d12d

Fixed

395f0a2fdc940aeb9ab88849e8fa4321decbf6e1

Introduced

1b4df30b3cdfeaba6024e81e559a6cd09a089d65

Fixed

93e0d7146fb9c3e9f68aa41b2b4265b2fcdb0a4c

Introduced

855e7c48de7388eb330da0f8d9d2394ee818fb8d

Fixed

8dc49c4b984b897d423aab4971090e1879eb4f23

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.24.17"
        },
        {
            "introduced": "1.25.0"
        },
        {
            "fixed": "1.25.13"
        },
        {
            "introduced": "1.26.0"
        },
        {
            "fixed": "1.26.8"
        },
        {
            "introduced": "1.27.0"
        },
        {
            "fixed": "1.27.5"
        },
        {
            "introduced": "1.28.0"
        },
        {
            "fixed": "1.28.1"
        }
    ]
}

Affected versions

v1.*

v1.25.0

v1.25.1

v1.25.1-rc.0

v1.25.10

v1.25.11

v1.25.12

v1.25.2

v1.25.2-rc.0

v1.25.3

v1.25.3-rc.0

v1.25.4

v1.25.4-rc.0

v1.25.5

v1.25.5-rc.0

v1.25.6

v1.25.6-rc.0

v1.25.7

v1.25.7-rc.0

v1.25.8

v1.25.8-rc.0

v1.25.9

v1.26.0

v1.26.1

v1.26.1-rc.0

v1.26.2

v1.26.2-rc.0

v1.26.3

v1.26.3-rc.0

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.27.0

v1.27.1

v1.27.2

v1.27.3

v1.27.4

v1.28.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3676.json"