| Name | CVE-2023-5528 |
| Description | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| kubernetes (PTS) | bullseye | 1.20.5+really1.20.2-1 | fixed |
| sid, trixie, bookworm | 1.20.5+really1.20.2-1.1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| kubernetes | source | (unstable) | (not affected) | | | |
Notes
- kubernetes <not-affected> (Windows-specific)