CVE-2023-3676

Publication date 31 October 2023

Last updated 4 August 2025


Ubuntu priority

Cvss 3 Severity Score

8.8 · High

Score breakdown

Description

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Read the notes from the security team

Status

Package Ubuntu Release Status
kubernetes 25.04 plucky Not in release
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Not affected
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected

Notes


leosilva

kubernates is in fact a kubernetes installer that calls snap, not the package it self.

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.8 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


Access our resources on patching vulnerabilities