Privilege Escalation in kOps GCE Provider Gossip Mode (CVE-2023-1943)
CVE-2023-1943 Published on October 12, 2023
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2023-1943
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-1943 are published in Kubernetes Operations:
Affected Versions
Kubernetes kops:- Before 1.25.3 is affected.
- Version 1.25.3 is unaffected.
- Version 1.26.0 and below 1.26.2 is affected.
- Version 1.26.2 is unaffected.
- Before 1.25.4 is affected.
- Version 1.26.0 and below 1.26.2 is affected.
Exploit Probability
EPSS
0.10%
Percentile
26.92%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.