Moderate severity · NVD Advisory · Published Aug 29, 2019 · Updated Sep 16, 2024
kubelet-started container uid changes to root after first restart or if image is already pulled to the node
CVE-2019-11245
Description
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
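An added triage example, not part of the advisory or of Kubernetes: it classifies each container in `kubectl get pods -o json` output according to the behaviour described above. It assumes the pod-spec field names `securityContext.runAsUser` and `securityContext.runAsNonRoot` (the advisory text calls the latter mustRunAsNonRoot) and a node-to-kubelet-version map built from each node's `status.nodeInfo.kubeletVersion`; the function names and sample data are constructed for illustration.

```python
# Kubelet versions named in the advisory description.
AFFECTED_KUBELETS = {"v1.13.6", "v1.14.2"}

def effective(pod_spec, container, field):
    """Container-level securityContext takes precedence over pod-level."""
    for ctx in (container.get("securityContext"), pod_spec.get("securityContext")):
        if ctx and ctx.get(field) is not None:
            return ctx[field]
    return None

def classify(pod_spec, container, kubelet_version):
    if kubelet_version not in AFFECTED_KUBELETS:
        return "kubelet-not-affected"
    if effective(pod_spec, container, "runAsUser") is not None:
        return "explicit-uid"    # uid pinned in the spec; the bug needs it unset
    if effective(pod_spec, container, "runAsNonRoot") is True:
        return "start-refused"   # kubelet refuses to start the container as root
    return "runs-as-root"        # uid 0 on restart or when the image is cached

def audit(pod_list, node_versions):
    """pod_list: `kubectl get pods -A -o json`; node_versions: node -> kubeletVersion."""
    findings = []
    for pod in pod_list["items"]:
        spec = pod["spec"]
        version = node_versions.get(spec.get("nodeName"), "unknown")
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            findings.append((pod["metadata"]["name"], c["name"],
                             classify(spec, c, version)))
    return findings

# Constructed sample data, not taken from a real cluster.
SAMPLE_NODES = {"node-a": "v1.14.2", "node-b": "v1.14.3"}
SAMPLE_PODS = {"items": [
    {"metadata": {"name": "web"}, "spec": {"nodeName": "node-a",
        "containers": [{"name": "app"}]}},
    {"metadata": {"name": "api"}, "spec": {"nodeName": "node-a",
        "securityContext": {"runAsNonRoot": True},
        "containers": [{"name": "app"},
                       {"name": "sidecar", "securityContext": {"runAsUser": 1000}}]}},
    {"metadata": {"name": "batch"}, "spec": {"nodeName": "node-b",
        "containers": [{"name": "job"}]}},
]}

if __name__ == "__main__":
    for pod, container, verdict in audit(SAMPLE_PODS, SAMPLE_NODES):
        print(f"{pod}/{container}: {verdict}")
```

Containers reported as `runs-as-root` are the ones to prioritise: set an explicit `runAsUser` on them or move the node to a patched kubelet.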
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/kubernetes/cmd/kubelet (Go) | >= 1.14.0, < 1.14.3 | 1.14.3 |
| k8s.io/kubernetes/cmd/kubelet (Go) | >= 1.13.0, < 1.13.7 | 1.13.7 |
Affected products
- Range: v1.13.6
References
- github.com/advisories/GHSA-r76g-g87f-vw8f [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2019-11245 [ghsa, ADVISORY]
- bugzilla.redhat.com/show_bug.cgi [ghsa, WEB]
- github.com/kubernetes/kubernetes/issues/78308 [ghsa, x_refsource_CONFIRM, WEB]
- github.com/kubernetes/kubernetes/pull/76665 [ghsa, WEB]
- github.com/kubernetes/kubernetes/pull/76665/commits/26e3c8674e66f0d10170d34f5445f0aed207387f [ghsa, WEB]
- pkg.go.dev/vuln/GO-2024-2780 [ghsa, WEB]
- security.netapp.com/advisory/ntap-20190919-0003 [ghsa, WEB]
- security.netapp.com/advisory/ntap-20190919-0003/ [mitre, x_refsource_CONFIRM]