If, by chance, you are running some Windows nodes somewhere in your Kubernetes clusters and you still utilize the pre-CSI internal plug-ins (K8s v1.27 or earlier), then your system is in grave danger of a privilege escalation attack. Craig Ingram, a Kubernetes security engineer reported the bug, on behalf of the Kubernetes Security Response Committee, on Tuesday.

Source: The New Stack