CVE-2023-5528
Security vulnerability in kubernetes (Go)
What is CVE-2023-5528 About?
This vulnerability in Kubernetes allows a user to escalate privileges on Windows nodes. By creating pods and persistent volumes, an attacker can gain administrative access to the node. Exploitation requires specific conditions (Windows nodes using in-tree storage plugins), which makes it moderately difficult.
Affected Software
- k8s.io/kubernetes
- <1.25.16
- >1.26.0, <1.26.11
- >1.27.0, <1.27.8
- >1.28.0, <1.28.4
Technical Details
The vulnerability affects Kubernetes clusters that use in-tree storage plugins on Windows nodes. A user with permission to create pods and persistent volumes that are scheduled to such nodes can use that capability to escalate privileges. The exact mechanism is not described here; it likely involves crafted pod or persistent volume configurations, for example through specific volume mounting options or host access, that cause commands to run or system settings to change with elevated permissions on the Windows host. The result is that an attacker breaks out of the confined pod environment and gains administrative control over the underlying node.
What is the Impact of CVE-2023-5528?
Successful exploitation may allow attackers to gain full administrative control over the affected Windows nodes, leading to unauthorized access, data manipulation, or further compromise of the Kubernetes cluster.
What is the Exploitability of CVE-2023-5528?
Exploitation of this vulnerability is of moderate complexity. Prerequisites are a Kubernetes cluster with Windows nodes that use in-tree storage plugins, and credentials that allow the attacker to create pods and persistent volumes. Authentication as a legitimate user with these creation permissions is therefore required. The attack is carried out remotely through the Kubernetes API, targeting operations on Windows nodes. There are no timing or race-condition constraints, but the presence of in-tree storage for Windows nodes is the critical environmental factor. The likelihood of exploitation rises in environments where this configuration is common and user permissions are overly generous.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-5528?
Available Upgrade Options
- k8s.io/kubernetes
  - <1.25.16 → Upgrade to 1.25.16
  - >1.26.0, <1.26.11 → Upgrade to 1.26.11
  - >1.27.0, <1.27.8 → Upgrade to 1.27.8
  - >1.28.0, <1.28.4 → Upgrade to 1.28.4
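The advisory's upgrade table is only useful once you know which nodes are actually in scope: Windows nodes whose kubelet falls inside one of the affected ranges. The Go program below is an added example written for this page, not code from the page or from the Kubernetes project. It parses the output shape of `kubectl get nodes -o json` (the real `status.nodeInfo.kubeletVersion` and `status.nodeInfo.operatingSystem` fields), encodes the four fixed versions from the table above, and lists the Windows nodes that still need the upgrade. Two interpretations of the table are assumptions: an `x.y.0` release is treated as inside its range (the ">1.26.0" notation is read as "introduced in 1.26.0"), and minor series newer than 1.28, for which the table lists no range, are treated as fixed. The node JSON in the block is constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// version is a parsed Kubernetes release, e.g. "v1.27.5" -> {1, 27, 5}.
type version struct{ major, minor, patch int }

// parseVersion accepts the kubeletVersion string reported in node status.
// A leading "v" and any vendor suffix such as "-eks-..." or "+build" are dropped.
func parseVersion(s string) (version, error) {
	s = strings.TrimPrefix(s, "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("unexpected version %q", s)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return version{}, fmt.Errorf("unexpected version %q: %w", s, err)
		}
		nums[i] = n
	}
	return version{nums[0], nums[1], nums[2]}, nil
}

// fixedPatch maps each minor series to the first patch release that carries the fix,
// taken from the advisory's upgrade table (1.25.16, 1.26.11, 1.27.8, 1.28.4).
var fixedPatch = map[int]int{25: 16, 26: 11, 27: 8, 28: 4}

// affected reports whether a kubelet version lies inside the vulnerable ranges.
// Assumptions: x.y.0 counts as affected, and minors newer than 1.28 are fixed.
func affected(v version) bool {
	if v.major != 1 {
		return false
	}
	if v.minor < 25 {
		return true // "<1.25.16" covers every earlier release
	}
	fix, ok := fixedPatch[v.minor]
	if !ok {
		return false // no range listed for 1.29+ (assumption: shipped fixed)
	}
	return v.patch < fix
}

// nodeList mirrors the subset of `kubectl get nodes -o json` that the check needs.
type nodeList struct {
	Items []struct {
		Metadata struct {
			Name string `json:"name"`
		} `json:"metadata"`
		Status struct {
			NodeInfo struct {
				KubeletVersion  string `json:"kubeletVersion"`
				OperatingSystem string `json:"operatingSystem"`
			} `json:"nodeInfo"`
		} `json:"status"`
	} `json:"items"`
}

// vulnerableWindowsNodes returns the names of Windows nodes whose kubelet
// version is inside an affected range; Linux nodes are skipped because the
// advisory only concerns Windows nodes.
func vulnerableWindowsNodes(nodesJSON []byte) ([]string, error) {
	var nl nodeList
	if err := json.Unmarshal(nodesJSON, &nl); err != nil {
		return nil, err
	}
	var out []string
	for _, n := range nl.Items {
		if n.Status.NodeInfo.OperatingSystem != "windows" {
			continue
		}
		v, err := parseVersion(n.Status.NodeInfo.KubeletVersion)
		if err != nil {
			return nil, fmt.Errorf("node %s: %w", n.Metadata.Name, err)
		}
		if affected(v) {
			out = append(out, n.Metadata.Name)
		}
	}
	return out, nil
}

// sampleNodes is constructed sample data standing in for real kubectl output.
const sampleNodes = `{"items":[
 {"metadata":{"name":"win-a"},"status":{"nodeInfo":{"kubeletVersion":"v1.27.5","operatingSystem":"windows"}}},
 {"metadata":{"name":"win-b"},"status":{"nodeInfo":{"kubeletVersion":"v1.28.4","operatingSystem":"windows"}}},
 {"metadata":{"name":"win-c"},"status":{"nodeInfo":{"kubeletVersion":"v1.24.17-eks-abc123","operatingSystem":"windows"}}},
 {"metadata":{"name":"linux-a"},"status":{"nodeInfo":{"kubeletVersion":"v1.26.3","operatingSystem":"linux"}}}
]}`

func main() {
	nodes, err := vulnerableWindowsNodes([]byte(sampleNodes))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("Windows nodes needing the upgrade:", nodes) // prints [win-a win-c]
}
```

To run it against a live cluster, pipe `kubectl get nodes -o json` into the program in place of `sampleNodes`. Flagged nodes are the ones whose kubelet must move to the fixed patch release; a node on a vendor build (the `-eks-...` style suffix) is compared on its upstream version, which is what the advisory's ranges describe.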
Additional Resources
- https://github.com/kubernetes/kubernetes
- https://github.com/kubernetes/kubernetes/pull/121883
- https://github.com/kubernetes/kubernetes/pull/121884
- https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
- https://osv.dev/vulnerability/GO-2023-2341
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/
What are Similar Vulnerabilities to CVE-2023-5528?
Similar Vulnerabilities: CVE-2023-3676, CVE-2021-25741, CVE-2021-25735, CVE-2020-8559, CVE-2020-8552
