{ "schema_version": "1.3.1", "id": "GO-2023-2176", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", "aliases": [ "CVE-2023-3893", "GHSA-r6cc-7wj7-gfx2" ], "summary": "Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation in github.com/kubernetes-csi/csi-proxy", "details": "Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation in github.com/kubernetes-csi/csi-proxy", "affected": [ { "package": { "name": "github.com/kubernetes-csi/csi-proxy", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "1.1.3" } ] } ], "ecosystem_specific": {} }, { "package": { "name": "github.com/kubernetes-csi/csi-proxy/v2", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "2.0.0-alpha.0" }, { "fixed": "2.0.0-alpha.1" } ] } ], "ecosystem_specific": {} } ], "references": [ { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r6cc-7wj7-gfx2" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3893" }, { "type": "FIX", "url": "https://github.com/kubernetes-csi/csi-proxy/commit/0e83a68159111e4ee510f5aa56d47ba97bda60c7" }, { "type": "FIX", "url": "https://github.com/kubernetes-csi/csi-proxy/commit/2523e6674dedf3de27f84235efec28555da24664" }, { "type": "WEB", "url": "https://github.com/kubernetes/kubernetes/issues/119594" }, { "type": "WEB", "url": "https://groups.google.com/g/kubernetes-security-announce/c/lWksE2BoCyQ" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20231221-0004" } ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2023-2176", "review_status": "UNREVIEWED" } }