Vulnerability Report: GO-2023-2170

  • CVE-2023-3955, GHSA-q78c-gwqw-jcmc
  • Affects: k8s.io/kubernetes, k8s.io/mount-utils
  • Published: Aug 21, 2024
  • Modified: Dec 12, 2024

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-q78c-gwqw-jcmc.

Affected Packages

  • Path
    Go Versions
    Symbols
  • k8s.io/kubernetes/pkg/volume/util
    before v1.24.17, from v1.25.0 before v1.25.13, from v1.26.0 before v1.26.8, from v1.27.0 before v1.27.5, from v1.28.0 before v1.28.1
  • k8s.io/mount-utils
    before v0.24.17, from v0.25.0 before v0.25.13, from v0.26.0 before v0.26.8, from v0.27.0 before v0.27.5, from v0.28.0 before v0.28.1
    2 unexported affected symbols
    • SafeFormatAndMount.formatAndMountSensitive
    • listVolumesOnDisk

Aliases

References

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.