CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

Published: Nov 2, 2023
Updated: Nov 10, 2023
CVE: CVE-2023-5408
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	4.13	4.13.x
redhat / openshift_container_platform	4.12	4.12.x
redhat / openshift_container_platform	4.11	4.11.x
redhat / openshift_container_platform	4.14	4.14.x

https://access.redhat.com/errata/RHSA-2023:5006
https://access.redhat.com/errata/RHSA-2023:6130
https://access.redhat.com/errata/RHSA-2023:6842
https://access.redhat.com/errata/RHSA-2023:7479
https://access.redhat.com/security/cve/CVE-2023-5408
https://bugzilla.redhat.com/show_bug.cgi?id=2242173
https://github.com/openshift/kubernetes/pull/1736

Vulnerability Database

289,599

CVE-2023-5408