GHSA-q78c-gwqw-jcmc
GitHub Security Advisory
Kubernetes privilege escalation vulnerability
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected Packages
Go
k8s.io/kubernetes
Affected versions:
1.28.0
(fixed in 1.28.1)
Go
k8s.io/kubernetes
Affected versions:
1.27.0
(fixed in 1.27.5)
Go
k8s.io/kubernetes
Affected versions:
1.26.0
(fixed in 1.26.8)
Go
k8s.io/kubernetes
Affected versions:
1.25.0
(fixed in 1.25.13)
Go
k8s.io/kubernetes
Affected versions:
0
(fixed in 1.24.17)
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: September 17, 2025 6:29 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.