Vulnerability Report: GO-2023-2330
- CVE-2023-3676, GHSA-7fxm-f474-hf8w
- Affects: k8s.io/kubernetes
- Published: Aug 21, 2024
- Modified: Dec 12, 2024
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-7fxm-f474-hf8w.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.24.17, from v1.25.0 before v1.25.13, from v1.26.0 before v1.26.8, from v1.27.0 before v1.27.5, from v1.28.0 before v1.28.1
2 unexported affected symbols
- evalSymlink
- getUpperPath
Aliases
References
- https://github.com/advisories/GHSA-7fxm-f474-hf8w
- https://github.com/kubernetes/kubernetes/commit/073f9ea33a93ddaecdc2e829150fb715f6387399
- https://github.com/kubernetes/kubernetes/commit/39cc101c7855341c651a943b9836b50fbace8a6b
- https://github.com/kubernetes/kubernetes/commit/74b617310c24ca84c2ec90c3858af745d65b5226
- https://github.com/kubernetes/kubernetes/commit/890483394221c8f22e88c48f86cd4eaf4de65fd6
- https://github.com/kubernetes/kubernetes/commit/a53faf5e17ed0b0771a605c6401ba4cbf297b59a
- https://github.com/kubernetes/kubernetes/issues/119339
- https://github.com/kubernetes/kubernetes/pull/120127
- https://github.com/kubernetes/kubernetes/pull/120129
- https://github.com/kubernetes/kubernetes/pull/120130
- https://github.com/kubernetes/kubernetes/pull/120131
- https://github.com/kubernetes/kubernetes/pull/120132
- https://github.com/kubernetes/kubernetes/pull/120133
- https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc
- https://security.netapp.com/advisory/ntap-20231130-0007
- https://vuln.go.dev/ID/GO-2023-2330.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.