GHSA-82m2-cv7p-4m75

Suggest an improvement
Source
https://github.com/advisories/GHSA-82m2-cv7p-4m75
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-82m2-cv7p-4m75/GHSA-82m2-cv7p-4m75.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-82m2-cv7p-4m75
Aliases
Downstream
Related
Published
2024-07-18T21:30:38Z
Modified
2024-11-18T16:26:53Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Kubernetes sets incorrect permissions on Windows containers logs
Details

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

Database specific 
{
    "nvd_published_at": "2024-07-18T19:15:12Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-276"
    ],
    "github_reviewed_at": "2024-07-18T21:58:12Z"
}
References

Affected packages

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.27.16

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.28.0
Fixed
1.28.12

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.29.0
Fixed
1.29.7

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
1.30.0
Fixed
1.30.3