CVE-2019-11245

Exploit

EPSS 0.15%
Veröffentlicht 29.08.2019 01:15:11
Zuletzt bearbeitet 21.11.2024 04:20:47
Quelle jordan@liggitt.net
CVE-Watchlists
Login
Unerledigt
Login

kubelet-started container uid changes to root after first restart or if image is already pulled to the node

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kubernetes ≫ Kubernetes Version1.13.6

Kubernetes ≫ Kubernetes Version1.14.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.365

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
jordan@liggitt.net	4.9	1.4	3.4	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-703 Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

https://github.com/kubernetes/kubernetes/issues/78308

Patch

Third Party Advisory

Exploit

https://security.netapp.com/advisory/ntap-20190919-0003/

https://nvd.nist.gov/vuln/detail/CVE-2019-11245

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11245

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11245

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-11245