Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-5528: CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes · Issue #121879 · kubernetes/kubernetes

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

CVE
#vulnerability#windows#js#kubernetes

CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - HIGH (7.2)

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Am I vulnerable?

Any kubernetes environment with Windows nodes is impacted. Run kubectl get nodes -l kubernetes.io/os=windows to see if any Windows nodes are in use.

Affected Versions

  • kubelet >= v1.8.0 (including all later minor versions)

How do I mitigate this vulnerability?

The provided patch fully mitigates the vulnerability.

Outside of applying the provided patch, there are no known mitigations to this vulnerability.

Fixed Versions

  • kubelet master - fixed by Use golang library instead of mklink #121881
  • kubelet v1.28.4 - fixed by Automated cherry pick of #121881: Use golang library instead of mklink #121882
  • kubelet v1.27.8 - fixed by Automated cherry pick of #121881: Use golang library instead of mklink #121883
  • kubelet v1.26.11 - fixed by Automated cherry pick of #121881: Use golang library instead of mklink #121884
  • kubelet v1.25.16 - fixed by Automated cherry pick of #121881: Use golang library instead of mklink #121885

To upgrade, refer to the documentation:
https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster

Detection

Kubernetes audit logs can be used to detect if this vulnerability is being exploited. Persistent Volume create events with local path fields containing special characters are a strong indication of exploitation.

If you find evidence that this vulnerability has been exploited, please contact [email protected]

Acknowledgements

This vulnerability was reported by Tomer Peled @tomerpeled92

The issue was fixed and coordinated by the fix team:

James Sturtevant @jsturtevant
Mark Rossetti @marosset
Michelle Au @msau42
Jan Šafránek @jsafrane
Mo Khan @enj
Rita Zhang @ritazh
Micah Hausler @micahhausler
Sri Saran Balaji @SaranBalaji90
Craig Ingram @cji

and release managers:
Jeremy Rickard @jeremyrickard
Marko Mudrinić @xmudrii

/area security
/kind bug
/committee security-response
/label official-cve-feed
/sig windows
/sig storage
/area kubelet

Related news

Gentoo Linux Security Advisory 202405-31

Gentoo Linux Security Advisory 202405-31 - A vulnerability has been discovered in Kubelet, which can lead to privilege escalation. Versions greater than or equal to 1.28.5 are affected.

Red Hat Security Advisory 2024-1203-03

Red Hat Security Advisory 2024-1203-03 - The components for Red Hat OpenShift for Windows Containers 9.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-0954-03

Red Hat Security Advisory 2024-0954-03 - The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7710-03

Red Hat Security Advisory 2023-7710-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7709-03

Red Hat Security Advisory 2023-7709-03 - The components for Red Hat OpenShift for Windows Containers 8.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7662-03

Red Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.

GHSA-hq6q-c2x6-hmch: Kubernetes Improper Input Validation vulnerability

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907