CVE-2023-3893
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-3893
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3893.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-3893
- Aliases
- Downstream
- Published
- 2023-11-03T18:15:08Z
- Modified
- 2025-10-22T18:19:49.125145Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.
- References
Affected packages
Git / github.com/kubernetes-csi/csi-proxy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kubernetes-csi/csi-proxy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
client/v0.*
client/v0.2.0
client/v0.2.1
client/v0.2.2
client/v1.*
client/v1.0.0
client/v1.0.0-rc.1
client/v1.0.1
client/v1.0.2
client/v1.1.0
client/v1.1.1
client/v1.1.2
v0.*
v0.1.0
v0.1.0-rc1
v0.2.0
v0.2.0-rc1
v0.2.1
v0.2.2
v1.*
v1.0.0
v1.0.0-rc.1
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
Git / github.com/kubernetes-csi/csi-proxy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kubernetes/kubernetes
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.13.1-dev
v0.14.0
v0.14.1
v0.15.0
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.2
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.21.1
v0.21.2
v0.3
v0.4
v0.5
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v1.*
v1.0.0
v1.1.0
v1.1.0-alpha.0
v1.1.0-alpha.1
v1.1.0-beta
v1.1.1
v1.1.1-beta
v1.1.1-beta.0
v1.1.1-beta.1
v1.1.2
v1.1.2-beta.0
v1.2.0-alpha.0
v1.2.0-alpha.1