AZL-34894

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34894.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-34894

Upstream

CVE-2023-5528

Published

2023-11-14T21:15:14Z

Modified

2026-04-01T05:11:47.248163Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-5528 affecting package kubernetes for versions less than 1.28.7-2

Details

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-5528

Affected packages

Azure Linux:3 / kubernetes

Package

Name: kubernetes
Purl: pkg:rpm/azure-linux/kubernetes

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.28.7-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34894.json"