Privilege Escalation in kOps GCE Provider Gossip Mode (CVE-2023-1943)
CVE-2023-1943 Published on October 12, 2023

Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Execution with Unnecessary Privileges

The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Products Associated with CVE-2023-1943

Want to know whenever a new CVE is published for Kubernetes Operations? stack.watch will email you.

Kubernetes Operations

Affected Versions

Kubernetes kops:

Before 1.25.3 is affected.
Version 1.25.3 is unaffected.
Version 1.26.0 and below 1.26.2 is affected.
Version 1.26.2 is unaffected.

kubernetes kops:

Before 1.25.4 is affected.
Version 1.26.0 and below 1.26.2 is affected.

Exploit Probability

EPSS

0.10%

Percentile

26.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Privilege Escalation in kOps GCE Provider Gossip Mode (CVE-2023-1943)CVE-2023-1943 Published on October 12, 2023

Vulnerability Analysis

Weakness Type

Execution with Unnecessary Privileges

Products Associated with CVE-2023-1943

Affected Versions

Exploit Probability

Privilege Escalation in kOps GCE Provider Gossip Mode (CVE-2023-1943)
CVE-2023-1943 Published on October 12, 2023