CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:5006	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6130	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6842	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7479	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-5408	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242173	Issue Tracking Vendor Advisory
https://github.com/openshift/kubernetes/pull/1736	Issue Tracking
https://access.redhat.com/errata/RHSA-2023:5006	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6130	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6842	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7479	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-5408	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242173	Issue Tracking Vendor Advisory
https://github.com/openshift/kubernetes/pull/1736	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*

History

21 Nov 2024, 08:41

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2023:5006 - Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2023:5006 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:6130 - Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2023:6130 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:6842 - Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2023:6842 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7479 - Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2023:7479 - Vendor Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2023-5408 - Vendor Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-5408 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2242173 - Issue Tracking, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2242173 - Issue Tracking, Vendor Advisory
References	~~() https://github.com/openshift/kubernetes/pull/1736 - Issue Tracking~~	() https://github.com/openshift/kubernetes/pull/1736 - Issue Tracking

21 Jan 2024, 01:48

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2023:7479 -~~	() https://access.redhat.com/errata/RHSA-2023:7479 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:6842 -~~	() https://access.redhat.com/errata/RHSA-2023:6842 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:5006 -~~	() https://access.redhat.com/errata/RHSA-2023:5006 - Vendor Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*

30 Dec 2023, 12:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:5006 -

29 Nov 2023, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-02 03:15

Updated : 2024-11-21 08:41

NVD link : CVE-2023-5408

Mitre link : CVE-2023-5408

CVE.ORG link : CVE-2023-5408

JSON object : View

Products Affected

redhat

openshift_container_platform

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

7.2 /10