CVE-2023-5528

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-5528

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5528.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-5528

Aliases

Downstream

ECHO-b1e8-a7c2-283a

openSUSE-SU-2025:15424-1

Related

Published

2023-11-14T21:15:14.123Z

Modified

2026-03-23T05:10:12.706542649Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

References

Affected packages

Git / github.com/kubernetes/kubernetes

Affected ranges

Type

GIT

Repo

https://github.com/kubernetes/kubernetes

Events

Introduced

0b9efaeb34a2fc51ff8e4d34ad9bc6375459c4a4

Fixed

c5f43560a4f98f2af3743a59299fb79f07924373

Introduced

b46a3f887ca979b1a5d14fd39cb1af43e7e5d12d

Fixed

3cd242c51317aed8858119529ccab22079f523b1

Introduced

1b4df30b3cdfeaba6024e81e559a6cd09a089d65

Fixed

66fee42707cd7f5a89f1987f7cb81b02dd19161c

Introduced

855e7c48de7388eb330da0f8d9d2394ee818fb8d

Fixed

bae2c62678db2b5053817bc97181fcc2e8388103

Database specific

{
    "versions": [
        {
            "introduced": "1.8.0"
        },
        {
            "fixed": "1.25.16"
        },
        {
            "introduced": "1.26.0"
        },
        {
            "fixed": "1.26.11"
        },
        {
            "introduced": "1.27.0"
        },
        {
            "fixed": "1.27.8"
        },
        {
            "introduced": "1.28.0"
        },
        {
            "fixed": "1.28.4"
        }
    ]
}

Affected versions

v1.*

v1.26.0

v1.26.1

v1.26.1-rc.0

v1.26.10

v1.26.2

v1.26.2-rc.0

v1.26.3

v1.26.3-rc.0

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.0

v1.27.1

v1.27.2

v1.27.3

v1.27.4

v1.27.5

v1.27.6

v1.27.7

v1.28.0

v1.28.1

v1.28.2

v1.28.3

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5528.json"