x/vulndb: potential Go vuln in github.com/openshift/kubernetes: CVE-2023-5408

[GoVulnBot]

CVE-2023-5408 references github.com/openshift/kubernetes, which may be a Go module.

Description:
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-5408
• JSON: https://github.com/CVEProject/cvelist/tree/f7fb6347d763285ea22190e26ec31b29b66778a1/2023/5xxx/CVE-2023-5408.json
• web: https://access.redhat.com/errata/RHSA-2023:6130
• web: https://access.redhat.com/security/cve/CVE-2023-5408
• web: https://bugzilla.redhat.com/show_bug.cgi?id=2242173
• fix: [release-4.14] OCPBUGS-20115: Do not allow nodes to set forbidden openshift labels openshift/kubernetes#1736
• Imported by: https://pkg.go.dev/github.com/openshift/kubernetes?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/openshift/kubernetes
      vulnerable_at: 1.28.2
      packages:
        - package: kubernetes
cves:
    - CVE-2023-5408
references:
    - web: https://access.redhat.com/errata/RHSA-2023:6130
    - web: https://access.redhat.com/security/cve/CVE-2023-5408
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=2242173
    - fix: https://github.com/openshift/kubernetes/pull/1736

[gopherbot]

Change https://go.dev/cl/539339 mentions this issue: data/excluded: batch add 7 excluded reports

[gopherbot]

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports