CVE-2023-3955

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 31, 2023

Updated: Dec 21, 2023

CWE ID 20

Summary

CVE-2023-3955 is a newly discovered vulnerability in Kubernetes that affects clusters with Windows nodes. A user with the ability to create pods on these nodes may exploit a security flaw, escalating their privileges to administrative access. This issue poses a significant risk, as it allows unauthorized users to gain administrative control over Kubernetes clusters including Windows nodes. Organizations utilizing such clusters are strongly advised to update their Kubernetes components to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sH4jai
https://www.cve.org/CVERecord?id=CVE-2023-3955
https://nvd.nist.gov/vuln/detail/CVE-2023-3955

Back to Vulnerability Database

CVE-2023-3955

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations