CVE-2023-5408: 
Red Hat Enterprise Linux CoreOS (RHCOS) vulnerability analysis and mitigation

A privilege escalation flaw (CVE-2023-5408) was discovered in the node restriction admission plugin of the kubernetes api server of OpenShift. The vulnerability was disclosed in October 2023 and affects multiple versions of Red Hat OpenShift Container Platform including 4.11, 4.12, 4.13, and 4.14 (Red Hat Advisory, NVD).

The vulnerability allows a remote attacker who modifies the node role label to steer workloads from the control plane and etcd nodes onto different worker nodes, potentially gaining broader access to the cluster. The CVSS v3.1 base score is 7.2 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (Red Hat Advisory).

If exploited, this vulnerability could allow an attacker to gain elevated privileges by redirecting workloads from control plane and etcd nodes to worker nodes, potentially compromising cluster security and gaining broader access to cluster resources (NVD).

Red Hat has released security updates to address this vulnerability across multiple versions of OpenShift Container Platform. Users are advised to upgrade to the patched versions: 4.14.0 (RHSA-2023:5006), 4.13.19 (RHSA-2023:6130), 4.12.43 (RHSA-2023:6842), and 4.11.54 (RHSA-2023:7479) (Red Hat Advisory).