Vulnerabilities > CVE-2023-3893 - Unspecified vulnerability in Kubernetes CSI Proxy
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.
Vulnerable Configurations
References
- https://github.com/kubernetes/kubernetes/issues/119594
- https://github.com/kubernetes/kubernetes/issues/119594
- https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ
- https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ
- https://security.netapp.com/advisory/ntap-20231221-0004/
- https://security.netapp.com/advisory/ntap-20231221-0004/