CVE-2023-3676

HIGH8.8EPSS 40.7%

Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes

Published: 10/31/2023Modified: 4/28/2026

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected packages (3)

Debian/kubernetesfrom 0, < 1.20.5+really1.20.2-1
Go/k8s.io/kubernetes>= 1.28.0, < 1.28.1
Go/k8s.io/kubernetesfrom 0, < 1.24.17, >= 1.25.0, < 1.25.13, >= 1.26.0, < 1.26.8, >= 1.27.0, < 1.27.5, >= 1.28.0, < 1.28.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (18)

ADVISORYhttps://github.com/advisories/GHSA-7fxm-f474-hf8w
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-3676
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-3676
PATCHhttps://github.com/kubernetes/kubernetes
WEBhttps://github.com/kubernetes/kubernetes/commit/073f9ea33a93ddaecdc2e829150fb715f6387399
WEBhttps://github.com/kubernetes/kubernetes/commit/39cc101c7855341c651a943b9836b50fbace8a6b
WEBhttps://github.com/kubernetes/kubernetes/commit/74b617310c24ca84c2ec90c3858af745d65b5226
WEBhttps://github.com/kubernetes/kubernetes/commit/890483394221c8f22e88c48f86cd4eaf4de65fd6
WEBhttps://github.com/kubernetes/kubernetes/commit/a53faf5e17ed0b0771a605c6401ba4cbf297b59a
WEBhttps://github.com/kubernetes/kubernetes/issues/119339
WEBhttps://github.com/kubernetes/kubernetes/pull/120127
WEBhttps://github.com/kubernetes/kubernetes/pull/120129
WEBhttps://github.com/kubernetes/kubernetes/pull/120130
WEBhttps://github.com/kubernetes/kubernetes/pull/120131
WEBhttps://github.com/kubernetes/kubernetes/pull/120132
WEBhttps://github.com/kubernetes/kubernetes/pull/120133
WEBhttps://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc
WEBhttps://security.netapp.com/advisory/ntap-20231130-0007