CVE-2023-5528

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 14, 2023
Updated: Jan 3, 2025
CWE ID 20

Summary

CVE-2023-5528 is a newly identified vulnerability in Kubernetes that allows users with the ability to create pods and persistent volumes on Windows nodes to potentially escalate their privileges to administrative access. This issue only affects Kubernetes clusters that utilize an in-tree storage plugin for Windows nodes. The exact exploit details are not publicly disclosed yet, but it is recommended that affected organizations apply the latest security patches to mitigate this risk. This vulnerability can lead to serious consequences, including unauthorized access and system compromise.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share