CVE-2023-3955
Privilege Escalation vulnerability in Kubernetes (Go)
What is CVE-2023-3955 About?
This security issue in Kubernetes allows users to escalate to admin privileges on Windows nodes. It specifically affects clusters that include Windows nodes and involves users who can create pods. Exploitation could lead to full control over those Windows nodes.
Affected Software
- k8s.io/kubernetes
  - <1.24.17
  - >1.28.0, <1.28.1
  - >1.26.0, <1.26.8
  - >1.25.0, <1.25.13
  - >1.27.0, <1.27.5
- k8s.io/mount-utils
  - <0.24.17
Technical Details
The vulnerability enables privilege escalation on Kubernetes Windows nodes. A user capable of creating pods on these nodes can exploit a flaw that allows them to elevate their privileges to an administrator level. This likely involves a misconfiguration or a bypass associated with the privileges granted to containers on Windows or a weakness in how pod security policies are enforced on the Windows operating system. By deploying a specially crafted pod, the attacker can leverage underlying Windows mechanisms or Kubernetes integration specifics to gain elevated access to the host operating system.
What is the Impact of CVE-2023-3955?
Successful exploitation may allow attackers to gain administrative privileges on affected Windows nodes, leading to complete node compromise, unauthorized access to resources, and potential lateral movement within the cluster.
What is the Exploitability of CVE-2023-3955?
Exploitation is of medium complexity. An attacker would need authenticated user access with permissions to create pods on the Kubernetes cluster. The cluster must specifically include Windows nodes for the vulnerability to be present. This vulnerability can be exploited remotely by submitting a malicious pod configuration via the Kubernetes API. The risk is significantly higher in environments where untrusted users have pod creation privileges on Windows nodes, as this is a direct path to node compromise.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-3955?
Available Upgrade Options
- k8s.io/mount-utils
  - <0.24.17 → Upgrade to 0.24.17
- k8s.io/kubernetes
  - <1.24.17 → Upgrade to 1.24.17
  - >1.25.0, <1.25.13 → Upgrade to 1.25.13
  - >1.26.0, <1.26.8 → Upgrade to 1.26.8
  - >1.27.0, <1.27.5 → Upgrade to 1.27.5
  - >1.28.0, <1.28.1 → Upgrade to 1.28.1
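A fleet check built on the upgrade options above, as an added example that is not from this page or the Kubernetes project: it reads the output of `kubectl get nodes -o json` and flags Windows nodes whose kubelet is below the fixed release for its minor line. The function names and the sample inventory are constructed for illustration. The check assumes the node's kubelet version tracks the k8s.io/kubernetes versions listed here, and it conservatively treats x.y.0 releases and lines older than 1.24 as needing the upgrade.

```python
import json
import re

# Fixed patch release per 1.x minor line, taken from the upgrade list on this page.
FIXED_PATCH = {24: 17, 25: 13, 26: 8, 27: 5, 28: 1}
VERSION_RE = re.compile(r"v?1\.(\d+)\.(\d+)(?:[-+].*)?")


def needs_upgrade(kubelet_version):
    """True if the kubelet is below the fixed release for its minor line.

    Build suffixes such as "-gke.100" or "+k3s1" are ignored. Versions that do
    not parse return True so they get a manual look instead of a silent pass.
    """
    m = VERSION_RE.fullmatch(kubelet_version.strip())
    if m is None:
        return True
    minor, patch = int(m.group(1)), int(m.group(2))
    if minor < 24:  # older lines fall under the page's "<1.24.17" range
        return True
    return minor in FIXED_PATCH and patch < FIXED_PATCH[minor]


def unpatched_windows_nodes(node_list_json):
    """Return (name, kubeletVersion) for each Windows node that still needs the fix."""
    flagged = []
    for node in json.loads(node_list_json).get("items", []):
        info = node.get("status", {}).get("nodeInfo", {})
        if info.get("operatingSystem") != "windows":
            continue  # the page scopes the issue to Windows nodes
        version = info.get("kubeletVersion", "")
        if needs_upgrade(version):
            flagged.append((node["metadata"]["name"], version))
    return flagged


def make_node(name, os_name, version):
    """Build one constructed node record with only the fields the check reads."""
    info = {"operatingSystem": os_name, "kubeletVersion": version}
    return {"metadata": {"name": name}, "status": {"nodeInfo": info}}


# Constructed sample inventory (not real cluster output).
SAMPLE = json.dumps({"items": [
    make_node("win-a", "windows", "v1.27.4"),
    make_node("win-b", "windows", "v1.27.5"),
    make_node("win-c", "windows", "v1.26.7-gke.100"),
    make_node("linux-a", "linux", "v1.24.3"),
]})

if __name__ == "__main__":
    for name, version in unpatched_windows_nodes(SAMPLE):
        print(f"{name}: kubelet {version} is below the fixed release")
```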
Additional Resources
- https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E
- https://github.com/kubernetes/kubernetes/commit/50334505cd27cbe7cf71865388f25a00e29b2596
- https://github.com/kubernetes/kubernetes/pull/120137
- https://github.com/kubernetes/kubernetes/commit/b7547e28f898af37aa2f1107a49111f963250fe6
- https://security.netapp.com/advisory/ntap-20231221-0002/
- https://github.com/kubernetes/kubernetes/pull/120134
- https://github.com/kubernetes/kubernetes/commit/7da6d72c05dffb3b87e62e2bc8c3228ea12ba1b9
- https://github.com/kubernetes/kubernetes/commit/c4e17abb04728e3a3f9bb26e727b0f978df20ec9
- https://github.com/kubernetes/kubernetes/commit/38c97fa67ed35f36e730856728c9e3807f63546a
What are Similar Vulnerabilities to CVE-2023-3955?
Similar Vulnerabilities: CVE-2021-25740, CVE-2021-25741, CVE-2022-3162, CVE-2023-2727, CVE-2023-39325
