CVE-2023-5408 - OpenCVE

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openshift Container Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.13:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.14:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:5006	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6130	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6842	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7479	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-5408	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242173	Issue Tracking Vendor Advisory
https://github.com/openshift/kubernetes/pull/1736	Issue Tracking

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-02T02:55:58.195Z

Updated: 2024-05-01T20:21:25.654Z

Reserved: 2023-10-04T17:58:23.775Z

Link: CVE-2023-5408

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-02T03:15:10.230

Modified: 2024-01-21T01:48:09.767

Link: CVE-2023-5408

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5408", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-04T17:58:23.775Z", "datePublished": "2023-11-02T02:55:58.195Z", "dateUpdated": "2024-05-01T20:21:25.654Z"}, "containers": {"cna": {"title": "Openshift: modification of node role labels", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.11", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-cluster-kube-apiserver-operator", "defaultStatus": "affected", "versions": [{"version": "v4.11.0-202311211130.p0.g7021090.assembly.stream", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.11::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.12", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-cluster-kube-apiserver-operator", "defaultStatus": "affected", "versions": [{"version": "v4.12.0-202311021630.p0.gfe5e2a1.assembly.stream", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.12::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-cluster-kube-apiserver-operator", "defaultStatus": "affected", "versions": [{"version": "v4.13.0-202310210425.p0.gd525f5d.assembly.stream", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-cluster-kube-apiserver-operator", "defaultStatus": "affected", "versions": [{"version": "v4.14.0-202310201027.p0.g8b38d12.assembly.stream", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:5006", "name": "RHSA-2023:5006", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:6130", "name": "RHSA-2023:6130", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:6842", "name": "RHSA-2023:6842", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7479", "name": "RHSA-2023:7479", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5408", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242173", "name": "RHBZ#2242173", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/openshift/kubernetes/pull/1736"}], "datePublic": "2023-10-04T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-269: Improper Privilege Management", "timeline": [{"lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Derek Carr (Red Hat) and Mrunal Patel (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-01T20:21:25.654Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "EA983F8C-3A06-450A-AEFF-9429DE9A3454", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "1FFF1D51-ABA8-4E54-B81C-A88C8A5E4842", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "486B3F69-1551-4F8B-B25B-A5864248811B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de escalada de privilegios en el complemento de admisi\u00f3n de restricci\u00f3n de nodos del servidor API de Kubernetes de OpenShift. Un atacante remoto que modifique la etiqueta de funci\u00f3n del nodo podr\u00eda dirigir cargas de trabajo desde el plano de control y los nodos etcd a diferentes nodos trabajadores y obtener un acceso m\u00e1s amplio al cl\u00faster."}], "id": "CVE-2023-5408", "lastModified": "2024-01-21T01:48:09.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-11-02T03:15:10.230", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:5006"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:6130"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:6842"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7479"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5408"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242173"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://github.com/openshift/kubernetes/pull/1736"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "secalert@redhat.com", "type": "Secondary"}]}