CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

[wzshiming]

What would you like to be added?

CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - HIGH (8.8)

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Am I vulnerable?

Any kubernetes environment with Windows nodes is impacted. Run kubectl get nodes -l kubernetes.io/os=windows to see if any Windows nodes are in use.

Affected Versions

• kubelet <= v1.28.0
• kubelet <= v1.27.4
• kubelet <= v1.26.7
• kubelet <= v1.25.12
• kubelet <= v1.24.16

kubernetes/kubernetes#119339

Why is this needed?

NONE

[github-actions]

Hi @wzshiming,
Thanks for opening an issue!
We will look into it as soon as possible.

Details

Instructions for interacting with me using comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the [gh-ci-bot](https://github.com/wzshiming/gh-ci-bot) repository.