Execution with Unnecessary Privileges
CVE-2023-1943
Summary
Privilege Escalation in k8s.io/kops versions prior to 1.25.4, and 1.26.x prior to 1.26.2 using GCE/GCP Provider in Gossip Mode.
- LOW
- ADJACENT_NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-250 - Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
References
Advisory Timeline
- Published