All the vulnerabilites related to Kubernetes - kubelet
cve-2025-1767
Vulnerability from cvelistv5
Published
2025-03-13 16:40
Modified
2025-03-17 16:59
Severity ?
EPSS score ?
Summary
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kubernetes | Kubelet |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T19:21:24.589796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:21:34.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-13T21:02:37.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/13/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubelet",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "\u003c=v1.32.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christophe Hauquiert"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable. \u003c/span\u003e\u003c/p\u003e"
}
],
"value": "This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:59:37.276Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/pull/130786"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1767",
"datePublished": "2025-03-13T16:40:42.663Z",
"dateReserved": "2025-02-27T20:16:50.774Z",
"dateUpdated": "2025-03-17T16:59:37.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10220
Vulnerability from cvelistv5
Published
2024-11-22 16:23
Modified
2024-11-25 18:22
Severity ?
EPSS score ?
Summary
Arbitrary command execution through gitRepo volume
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/128885 | issue-tracking | |
| https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko | mailing-list |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kubernetes | kubelet |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-22T17:02:54.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/20/1"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kubelet",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.28.11",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.29.6",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.30.2",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.31.0"
},
{
"status": "unaffected",
"version": "1.30.3"
},
{
"status": "unaffected",
"version": "1.29.7"
},
{
"status": "unaffected",
"version": "1.28.12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:21:04.320283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T18:22:59.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.28.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.29.6",
"status": "affected",
"version": "1.29.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.30.2",
"status": "affected",
"version": "1.30.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.31.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.30.3"
},
{
"status": "unaffected",
"version": "1.29.7"
},
{
"status": "unaffected",
"version": "1.28.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Imre Rad"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Imre Rad"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.\u003cp\u003eThis issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.\u003c/p\u003e"
}
],
"value": "The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T16:23:00.535Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/128885"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary command execution through gitRepo volume",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-10220",
"datePublished": "2024-11-22T16:23:00.535Z",
"dateReserved": "2024-10-21T18:56:00.535Z",
"dateUpdated": "2024-11-25T18:22:59.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-0426
Vulnerability from cvelistv5
Published
2025-02-13 15:16
Modified
2025-02-13 17:02
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/130016 | issue-tracking | |
| https://groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8 | mailing-list |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kubernetes | kubelet |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:29:18.956503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:29:27.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-13T17:02:37.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/13/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.32.1",
"status": "affected",
"version": "1.32.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.31.5",
"status": "affected",
"version": "1.31.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.30.9",
"status": "affected",
"version": "1.30.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.32.2"
},
{
"status": "unaffected",
"version": "1.31.6"
},
{
"status": "unaffected",
"version": "1.30.10"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eOnly clusters \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003erunning an affected version with the kubelet read-only HTTP port enabled and using a container runtime that supports the container checkpointing feature, such as CRI-O v1.25.0+ (with \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eenable_criu_support\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;set to \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003etrue\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e) or containerd v2.0+ with \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003ecriu\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;installed, are affected.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Only clusters running an affected version with the kubelet read-only HTTP port enabled and using a container runtime that supports the container checkpointing feature, such as CRI-O v1.25.0+ (with enable_criu_support\u00a0set to true) or containerd v2.0+ with criu\u00a0installed, are affected."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Allclair"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eA security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node\u0027s disk. \u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node\u0027s disk."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T15:16:13.703Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/130016"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-0426",
"datePublished": "2025-02-13T15:16:13.703Z",
"dateReserved": "2025-01-13T15:08:34.825Z",
"dateUpdated": "2025-02-13T17:02:37.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9042
Vulnerability from cvelistv5
Published
2025-03-13 16:40
Modified
2025-03-13 19:24
Severity ?
EPSS score ?
Summary
This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kubernetes | Kubelet |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-13T17:02:40.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/16/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T19:24:29.055805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:24:39.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubelet",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "\u003c=v1.29.12"
},
{
"lessThanOrEqual": "v1.30.8",
"status": "affected",
"version": "v1.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.31.4",
"status": "affected",
"version": "v1.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.32.0",
"status": "affected",
"version": "v1.32",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peled, Tomer"
},
{
"lang": "en",
"type": "finder",
"value": "Aravindh Puthiyaprambil"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered in Kubernetes windows nodes that could allow a user with the ability to query a node\u0027s \u0027/logs\u0027 endpoint to execute arbitrary commands on the host."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:40:24.818Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/129654"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-9042",
"datePublished": "2025-03-13T16:40:13.895Z",
"dateReserved": "2024-09-20T10:02:50.891Z",
"dateUpdated": "2025-03-13T19:24:39.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3676
Vulnerability from cvelistv5
Published
2023-10-31 20:22
Modified
2025-02-27 20:38
Severity ?
EPSS score ?
Summary
Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kubernetes | kubelet |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119339"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3676",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T20:32:36.326293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:38:37.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.28.0"
},
{
"lessThanOrEqual": "v1.27.4",
"status": "affected",
"version": "v1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.26.7",
"status": "affected",
"version": "v1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.25.12",
"status": "affected",
"version": "v1.25.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.28.1"
},
{
"status": "unaffected",
"version": "v1.27.5"
},
{
"status": "unaffected",
"version": "v1.26.8"
},
{
"status": "unaffected",
"version": "v1.25.13"
},
{
"status": "unaffected",
"version": "v1.24.17"
},
{
"lessThanOrEqual": "v1.24.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Peled"
}
],
"datePublic": "2023-08-23T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\u003cbr\u003e"
}
],
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:06:09.695Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119339"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0007/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-3676",
"datePublished": "2023-10-31T20:22:53.620Z",
"dateReserved": "2023-07-14T16:06:03.399Z",
"dateUpdated": "2025-02-27T20:38:37.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5528
Vulnerability from cvelistv5
Published
2023-11-14 20:32
Modified
2024-09-06 14:18
Severity ?
EPSS score ?
Summary
Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/121879 | issue-tracking | |
| https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA | mailing-list |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kubernetes | kubelet |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/121879"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.28.3",
"status": "affected",
"version": "v1.28.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.27.7",
"status": "affected",
"version": "v1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.26.10",
"status": "affected",
"version": "v1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.25.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.28.4"
},
{
"status": "unaffected",
"version": "v1.27.8"
},
{
"status": "unaffected",
"version": "v1.26.11"
},
{
"status": "unaffected",
"version": "v1.25.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Peled"
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."
}
],
"value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:18:44.918Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/121879"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-5528",
"datePublished": "2023-11-14T20:32:08.411Z",
"dateReserved": "2023-10-11T16:12:14.212Z",
"dateUpdated": "2024-09-06T14:18:44.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3955
Vulnerability from cvelistv5
Published
2023-10-31 20:36
Modified
2025-02-13 17:03
Severity ?
EPSS score ?
Summary
Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Kubernetes | kubelet |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119595"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0002/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kubelet",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "1.28.0"
},
{
"lessThanOrEqual": "1.27.4",
"status": "affected",
"version": "1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.26.7",
"status": "affected",
"version": "1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.25.12",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.28.1"
},
{
"status": "unaffected",
"version": "1.27.5"
},
{
"status": "unaffected",
"version": "1.26.8"
},
{
"status": "unaffected",
"version": "1.25.13"
},
{
"status": "unaffected",
"version": "1.24.17"
},
{
"lessThanOrEqual": "1.24.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:32.217974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:57:40.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.28.0"
},
{
"lessThanOrEqual": "v1.27.4",
"status": "affected",
"version": "v1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.26.7",
"status": "affected",
"version": "v1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.25.12",
"status": "affected",
"version": "v1.25.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.28.1"
},
{
"status": "unaffected",
"version": "v1.27.5"
},
{
"status": "unaffected",
"version": "v1.26.8"
},
{
"status": "unaffected",
"version": "v1.25.13"
},
{
"status": "unaffected",
"version": "v1.24.17"
},
{
"lessThanOrEqual": "v1.24.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "James Sturtevant"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mark Rossetti"
}
],
"datePublic": "2023-08-23T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\u003cbr\u003e"
}
],
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T22:06:20.809Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119595"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0002/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-3955",
"datePublished": "2023-10-31T20:36:54.352Z",
"dateReserved": "2023-07-26T13:51:11.192Z",
"dateUpdated": "2025-02-13T17:03:13.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}