CVE-2023-1943
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.
Base Score: 8.8 (HIGH)
Vector: ADJACENT_NETWORK
Published By: jordan@liggitt.net
Published Date: Oct 12, 2023, 00:15
Affected Versions (2)

Package (Ecosystem)   Introduced   Fixed    Limit
k8s.io/kops (Go)      0            1.25.4   N/A
k8s.io/kops (Go)      1.26.0       1.26.2   N/A
Weakness Type (CWE): NVD-CWE-noinfo

CVSS Metrics (CVSS v3.1)
Base Score: 8.8
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Severity: HIGH
Version: 3.1
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
References
https://github.com/kubernetes/kops/issues/15539
https://groups.google.com/g/kubernetes-security-announce/c/yrCE1x89oaU