CVE-2023-5528

Source
https://cve.org/CVERecord?id=CVE-2023-5528
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5528.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-5528
Published
2023-11-14T20:32:08.411Z
Modified
2026-06-25T04:02:32.172067359Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
Details

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5528.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "kubernetes"
}

Affected packages

Git / github.com/kubernetes/kubernetes

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/kubernetes
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.8.0"
        },
        {
            "fixed": "1.25.16"
        },
        {
            "introduced": "1.26.0"
        },
        {
            "fixed": "1.26.11"
        },
        {
            "introduced": "1.27.0"
        },
        {
            "fixed": "1.27.8"
        },
        {
            "introduced": "1.28.0"
        },
        {
            "fixed": "1.28.4"
        }
    ]
}

Affected versions

v1.*
v1.26.0
v1.26.1
v1.26.1-rc.0
v1.26.10
v1.26.2
v1.26.2-rc.0
v1.26.3
v1.26.3-rc.0
v1.26.4
v1.26.5
v1.26.6
v1.26.7
v1.26.8
v1.26.9
v1.27.0
v1.27.1
v1.27.2
v1.27.3
v1.27.4
v1.27.5
v1.27.6
v1.27.7
v1.28.0
v1.28.1
v1.28.2
v1.28.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5528.json"