GHSA-r76g-g87f-vw8f

Source

https://github.com/advisories/GHSA-r76g-g87f-vw8f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-r76g-g87f-vw8f/GHSA-r76g-g87f-vw8f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r76g-g87f-vw8f

Aliases

Published

2024-04-24T20:03:48Z

Modified

2024-06-10T19:33:51Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Kubelet Incorrect Privilege Assignment

Details

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": null,
    "github_reviewed_at": "2024-04-24T20:03:48Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-266",
        "CWE-703"
    ]
}

References

Affected packages

Go / k8s.io/kubernetes/cmd/kubelet

Package

Name: k8s.io/kubernetes/cmd/kubelet; View open source insights on deps.dev
Purl: pkg:golang/k8s.io/kubernetes/cmd/kubelet

Affected ranges

Type: SEMVER
Events: Introduced

1.14.0

Fixed

1.14.3

Go / k8s.io/kubernetes/cmd/kubelet

Package

Name: k8s.io/kubernetes/cmd/kubelet; View open source insights on deps.dev
Purl: pkg:golang/k8s.io/kubernetes/cmd/kubelet

Affected ranges

Type: SEMVER
Events: Introduced

1.13.0

Fixed

1.13.7