Google Git
Sign in
go / vulndb / 5d8ad7bb24b483085d946f470fc5e62a327ce85a / . / data / osv / GO-2023-2170.json
blob: cecf42743f11e3bcdaa4aa36b7aea7224d4c5992 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2023-2170",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-3955",
"GHSA-q78c-gwqw-jcmc"
],
"summary": "Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils",
"details": "A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.",
"affected": [
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.17"
},
{
"introduced": "1.25.0"
},
{
"fixed": "1.25.13"
},
{
"introduced": "1.26.0"
},
{
"fixed": "1.26.8"
},
{
"introduced": "1.27.0"
},
{
"fixed": "1.27.5"
},
{
"introduced": "1.28.0"
},
{
"fixed": "1.28.1"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "k8s.io/kubernetes/pkg/volume/util",
"goos": [
"windows"
],
"symbols": [
"WriteVolumeCache"
]
}
]
}
},
{
"package": {
"name": "k8s.io/mount-utils",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.24.17"
},
{
"introduced": "0.25.0"
},
{
"fixed": "0.25.13"
},
{
"introduced": "0.26.0"
},
{
"fixed": "0.26.8"
},
{
"introduced": "0.27.0"
},
{
"fixed": "0.27.5"
},
{
"introduced": "0.28.0"
},
{
"fixed": "0.28.1"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "k8s.io/mount-utils",
"goos": [
"windows"
],
"symbols": [
"SafeFormatAndMount.formatAndMountSensitive",
"listVolumesOnDisk"
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-q78c-gwqw-jcmc"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/38c97fa67ed35f36e730856728c9e3807f63546a"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/50334505cd27cbe7cf71865388f25a00e29b2596"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/7da6d72c05dffb3b87e62e2bc8c3228ea12ba1b9"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/b7547e28f898af37aa2f1107a49111f963250fe6"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/c4e17abb04728e3a3f9bb26e727b0f978df20ec9"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/119595"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/120128"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/120134"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/120135"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/120136"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/120137"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/120138"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-2170",
"review_status": "REVIEWED"
}
}