CVE-2023-3676
Security issue in Kubernetes (Go)
What is CVE-2023-3676 About?
This Kubernetes security issue allows a user to escalate privileges on Windows nodes. An attacker with the ability to create pods on Windows nodes can gain administrative access. Exploitation is dependent on the presence of Windows nodes, making it moderately difficult.
Affected Software
- k8s.io/kubernetes
  - <1.24.17
  - >1.28.0, <1.28.1
  - >1.26.0, <1.26.8
  - >1.25.0, <1.25.13
  - >1.27.0, <1.27.5
Technical Details
The vulnerability concerns a privilege escalation flaw in Kubernetes affecting Windows nodes. A user who possesses the capability to create pods on these Windows nodes can exploit this to achieve administrative privileges. The exact mechanism likely involves crafting a specific pod definition that leverages insecure configurations or vulnerabilities within the k8s.io/kubernetes components on the Windows operating system. This could include hostPath volume mounts that allow access to critical system directories, or specific container configurations that bypass security boundaries, enabling the attacker to run code with elevated privileges on the underlying host directly from their created pod.
What is the Impact of CVE-2023-3676?
Successful exploitation may allow attackers to gain full administrative control over the affected Windows nodes, leading to unauthorized access, data manipulation, or further compromise of the Kubernetes cluster.
What is the Exploitability of CVE-2023-3676?
Exploitation of this vulnerability requires a moderate level of complexity. Prerequisites include a Kubernetes cluster that includes Windows nodes, and the attacker must have authenticated access with privileges to create pods. The attack is carried out remotely by submitting malicious pod definitions to the Kubernetes API. There are no known direct authentication bypasses or local-only constraints described. The critical special condition is the presence of Windows nodes in the cluster. Misconfigured pod security policies or lax role-based access control (RBAC) that allow unvetted users to create pods on Windows nodes would significantly increase the likelihood of exploitation.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-3676?
Available Upgrade Options
- k8s.io/kubernetes
  - <1.24.17 → Upgrade to 1.24.17
- k8s.io/kubernetes
  - >1.25.0, <1.25.13 → Upgrade to 1.25.13
- k8s.io/kubernetes
  - >1.26.0, <1.26.8 → Upgrade to 1.26.8
- k8s.io/kubernetes
  - >1.27.0, <1.27.5 → Upgrade to 1.27.5
- k8s.io/kubernetes
  - >1.28.0, <1.28.1 → Upgrade to 1.28.1
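The upgrade table above can be applied to a node inventory to list the Windows nodes that still need a fixed release. The Go program below is an added example, not code from this page or from the Kubernetes project: `upgradeTarget`, `affectedWindowsNodes` and the sample JSON are constructed for illustration. It assumes the kubelet version each node reports is the version to compare, and it also handles vendor-suffixed version strings, which the page does not mention.

```go
package main

import "encoding/json"
import "fmt"

// Fixed patch release per minor line, copied from the upgrade table on this page.
var fixedPatch = map[int]int{24: 17, 25: 13, 26: 8, 27: 5, 28: 1}

// Constructed sample shaped like `kubectl get nodes -o json`; not real cluster data.
const sampleNodes = `{"items":[
{"metadata":{"name":"win-a"},"status":{"nodeInfo":{"operatingSystem":"windows","kubeletVersion":"v1.26.7"}}},
{"metadata":{"name":"win-b"},"status":{"nodeInfo":{"operatingSystem":"windows","kubeletVersion":"v1.27.5"}}},
{"metadata":{"name":"lin-a"},"status":{"nodeInfo":{"operatingSystem":"linux","kubeletVersion":"v1.26.7"}}}]}`
type node struct {
	Metadata struct{ Name string }
	Status   struct{ NodeInfo struct{ OperatingSystem, KubeletVersion string } }
}

// upgradeTarget returns the fixed release for an affected version, "" if none applies.
func upgradeTarget(version string) string {
	var minor, patch int // Sscanf stops after the patch number, so vendor suffixes are ignored
	if _, err := fmt.Sscanf(version, "v1.%d.%d", &minor, &patch); err != nil {
		return "unparsed" // surface unknown formats instead of passing them silently
	}
	if minor < 24 {
		return "1.24.17" // the page's "<1.24.17" range covers older minor lines
	}
	// Assumption: x.y.0 counts as affected although the page writes e.g. ">1.25.0".
	if fix, ok := fixedPatch[minor]; ok && patch < fix {
		return fmt.Sprintf("1.%d.%d", minor, fix)
	}
	return ""
}

// affectedWindowsNodes maps each flagged Windows node name to its upgrade target.
func affectedWindowsNodes(raw []byte) (map[string]string, error) {
	var nl struct{ Items []node }
	if err := json.Unmarshal(raw, &nl); err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, n := range nl.Items {
		if fix := upgradeTarget(n.Status.NodeInfo.KubeletVersion); fix != "" && n.Status.NodeInfo.OperatingSystem == "windows" {
			out[n.Metadata.Name] = fix
		}
	}
	return out, nil
}

func main() { fmt.Println(affectedWindowsNodes([]byte(sampleNodes))) }
```

Vendor builds may backport fixes without changing the upstream patch number, so a flagged node with a vendor suffix should be checked against the vendor's own advisory.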
Additional Resources
- https://github.com/kubernetes/kubernetes/pull/120133
- https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc
- https://github.com/kubernetes/kubernetes/commit/a53faf5e17ed0b0771a605c6401ba4cbf297b59a
- https://github.com/kubernetes/kubernetes/pull/120129
- https://github.com/kubernetes/kubernetes/commit/74b617310c24ca84c2ec90c3858af745d65b5226
- https://github.com/kubernetes/kubernetes/commit/39cc101c7855341c651a943b9836b50fbace8a6b
- https://github.com/kubernetes/kubernetes/pull/120127
- https://security.netapp.com/advisory/ntap-20231130-0007/
- https://github.com/kubernetes/kubernetes/commit/073f9ea33a93ddaecdc2e829150fb715f6387399
What are Similar Vulnerabilities to CVE-2023-3676?
Similar Vulnerabilities: CVE-2023-5528, CVE-2021-25741, CVE-2021-25735, CVE-2020-8559, CVE-2020-8552
