Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2023-5528

CVE-2023-5528

UNKNOWN

Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

Published Nov 14, 2023

Modified 2 years ago

Fix available

Details

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Affected Packages

k8s.io/kubelet

kubernetes

Fixed in:

1.28.41.27.81.26.111.25.16

References

https://github.com/kubernetes/kubernetes/issues/121879

https://www.cve.org/cverecord?id=CVE-2023-5528

Ecosystems

Timeline

PublishedNov 14, 2023

ModifiedNov 14, 2023

CVE-2023-5528 | Mondoo Vulnerability Intelligence