Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.
The You must be logged in to see this link., tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were You must be logged in to see this link. on August 23, 2023, following responsible disclosure by Akamai on July 13, 2023.
"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled You must be logged in to see this link. in a technical write-up shared with The Hacker News. "To exploit this vulnerability, the attacker needs to apply a malicious YAML file on the cluster."
The You must be logged in to see this link., tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were You must be logged in to see this link. on August 23, 2023, following responsible disclosure by Akamai on July 13, 2023.
"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled You must be logged in to see this link. in a technical write-up shared with The Hacker News. "To exploit this vulnerability, the attacker needs to apply a malicious YAML file on the cluster."
