Kubernetes Security Flaw Lets Attackers Escalate to Admin Privileges

A new privilege escalation vulnerability has been discovered in Kubernetes that allows threat actors to gain administrative privileges on affected pods. The vulnerability is tracked as CVE-2023-3676 and has a severity rating of 8.8 (High).

Kubernetes has addressed the vulnerability in the latest versions of kubelet and has published the list of affected products.

CVE-2023-3676: Privilege Escalation

In Kubernetes, a user who can create pods on Windows nodes will be able to escalate to admin privileges on those nodes. It was confirmed that the issue affects a Kubernetes cluster only if it includes Windows nodes.

Additionally, the command kubectl get nodes -l kubernetes.io/os=windows can be used to check if there are any Windows nodes in use.

Affected Products and Fixed versions

| Product | Affected Versions | Fixed in Version |
|---|---|---|
| kubelet | affected at v1.28.0 | unaffected at v1.28.1 |
| kubelet | affected from v1.27.0 through v1.27.4 | unaffected at v1.27.5 |
| kubelet | affected from v1.26.0 through v1.26.7 | unaffected at v1.26.8 |
| kubelet | affected from v1.25.0 through v1.25.12 | unaffected at v1.25.13 |
| kubelet | affected from 0 through v1.24.16 | unaffected at v1.24.17 |

Mitigation & Detection

To mitigate this issue, apply the Kubernetes patches for CVE-2023-3676 to affected products. To detect exploitation, Kubernetes audit logs can be used.

Pod-create events with embedded PowerShell commands are a strong indication of exploitation. Config maps and secrets that contain embedded PowerShell commands and are mounted into pods are also a strong indication of exploitation.
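The audit-log check described above can be sketched as follows. This is an added example, not code from the Kubernetes project or the original article: the marker list is an assumed heuristic, the sample events are constructed, and the check only works where the audit policy records request bodies (level Request or higher) for these resources.

```python
import base64, json, re
# Assumed heuristic (not from the page): tokens that suggest PowerShell.
PS_MARKERS = re.compile(r"powershell|pwsh|Invoke-Expression|\biex\b|-EncodedCommand", re.I)
WRITES = {"create", "update", "patch"}
WATCHED = {"pods": {"create"}, "configmaps": WRITES, "secrets": WRITES}

def secret_values(body):
    """Secret .data values are base64; decode them so markers become visible."""
    for value in (body.get("data") or {}).values():
        try:
            yield base64.b64decode(value, validate=True).decode("utf-8", "replace")
        except (ValueError, TypeError):
            continue

def scan(lines):
    """Return (findings, skipped); skipped = watched events with no inspectable body."""
    findings, skipped = [], 0
    for line in lines:
        try:
            ev = json.loads(line)
            ref = ev.get("objectRef") or {}
            res = ref.get("resource")
        except (ValueError, AttributeError):
            continue  # not a JSON audit event
        if ev.get("verb") not in WATCHED.get(res, ()) or ref.get("subresource"):
            continue  # other verbs/resources, and subresources such as pods/exec
        body = ev.get("requestObject")
        if not isinstance(body, dict):  # e.g. Metadata-level audit policy
            skipped += 1
            continue
        texts = [json.dumps(body)] + (list(secret_values(body)) if res == "secrets" else [])
        hits = sorted({m.group(0).lower() for t in texts for m in PS_MARKERS.finditer(t)})
        if hits:
            name = (body.get("metadata") or {}).get("name") or ref.get("name")
            user = (ev.get("user") or {}).get("username")
            findings.append((res, ref.get("namespace"), name, user, hits))
    return findings, skipped

def sample_event(verb, res, body=None, sub=None):  # one constructed audit event line
    return json.dumps({"verb": verb, "user": {"username": "dev-1"}, "requestObject": body,
                       "objectRef": {"resource": res, "namespace": "build", "subresource": sub}})

SAMPLE = [
    sample_event("create", "pods", {"metadata": {"name": "job-a"}, "spec": {"containers": [
        {"command": ["powershell.exe", "-Command", "Get-Date"]}]}}),
    sample_event("create", "secrets", {"metadata": {"name": "s1"},
        "data": {"k": base64.b64encode(b"Invoke-Expression $x").decode()}}),
    sample_event("create", "pods"),  # no requestObject logged
    sample_event("create", "pods", {"command": ["pwsh"]}, sub="exec"),  # pods/exec, ignored
]
```

A non-zero skipped count means matching events were logged without a body, so the audit policy level needs raising before this check can see anything.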

Users of the affected versions of Kubernetes are recommended to upgrade to the latest version of these products to prevent this vulnerability from being exploited.

Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy and APT threats.