CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*

History

21 Jan 2024, 01:48

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
References () https://access.redhat.com/errata/RHSA-2023:7479 - () https://access.redhat.com/errata/RHSA-2023:7479 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:6842 - () https://access.redhat.com/errata/RHSA-2023:6842 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:5006 - () https://access.redhat.com/errata/RHSA-2023:5006 - Vendor Advisory

30 Dec 2023, 12:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:5006 -

29 Nov 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-02 03:15

Updated : 2024-02-05 00:01


NVD link : CVE-2023-5408

Mitre link : CVE-2023-5408

CVE.ORG link : CVE-2023-5408


JSON object : View

Products Affected

redhat

  • openshift_container_platform
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management