Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

March 14, 2024 at 08:51AM

A high-severity flaw in Kubernetes, CVE-2023-5528, allowed attackers to execute code with SYSTEM privileges on Windows endpoints. Exploiting a loophole involving local volumes, an attacker could inject commands to achieve remote code execution. The flaw impacted kubelet versions 1.8.0 and after and was patched in updates released on November 14, …

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

March 14, 2024 at 07:57AM

Akamai issued a warning about a high-severity Kubernetes vulnerability, CVE-2023-5528, affecting default installations. The issue allows arbitrary code execution with System privileges on Windows endpoints when creating a pod with a local volume. Akamai provided a PoC exploit and advised upgrading to Kubernetes version 1.28.4, even for clusters without Windows …

Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

March 13, 2024 at 01:21PM

A security bug in Kubernetes allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes in a cluster. Tracked as CVE-2023-5528 with a CVSS score of 7.2, the vulnerability can be exploited by manipulating Kubernetes volumes. The flaw affects …