VDB
GO-2023-2170
GO-2023-2170
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| k8s.io | mount-utils | 0.25.0, 0.26.0, 0.27.0 |
| k8s.io | kubernetes | 0, 1.25.0, 1.26.0 |
Timeline
- Aug 21, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/advisories/GHSA-q78c-gwqw-jcmc advisory
- https://github.com/kubernetes/kubernetes/commit/38c97fa67ed35f36e730856728c9e3807f63546a url
- https://github.com/kubernetes/kubernetes/commit/50334505cd27cbe7cf71865388f25a00e29b2596 url
- https://github.com/kubernetes/kubernetes/commit/7da6d72c05dffb3b87e62e2bc8c3228ea12ba1b9 url
- https://github.com/kubernetes/kubernetes/commit/b7547e28f898af37aa2f1107a49111f963250fe6 url
- https://github.com/kubernetes/kubernetes/commit/c4e17abb04728e3a3f9bb26e727b0f978df20ec9 url
- https://github.com/kubernetes/kubernetes/issues/119595 url
- https://github.com/kubernetes/kubernetes/pull/120128 url
- https://github.com/kubernetes/kubernetes/pull/120134 url
- https://github.com/kubernetes/kubernetes/pull/120135 url
- https://github.com/kubernetes/kubernetes/pull/120136 url
- https://github.com/kubernetes/kubernetes/pull/120137 url
- https://github.com/kubernetes/kubernetes/pull/120138 url
- https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E url