CVE-2024-5321 – k8s.io/kubernetes
Package
Manager: go
Name: k8s.io/kubernetes
Vulnerable Version: >=0 <1.27.16 || >=1.28.0 <1.28.12 || >=1.29.0 <1.29.7 || >=1.30.0 <1.30.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00053 (percentile 0.1654)
Details
Kubernetes sets incorrect permissions on Windows containers logs
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
Metadata
Created: 2024-07-18T21:30:38Z
Modified: 2024-11-18T16:26:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-82m2-cv7p-4m75/GHSA-82m2-cv7p-4m75.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-82m2-cv7p-4m75
Finding: F159
Auto approve: 1