CVE-2019-11245

Medium

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container…

kubernetes·CWE-703·Published 2019-08-29

CVSS

4.9

EPSS

0.01

KEV

Exploits

cve.orgen

394 chars

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.

NVDen

394 chars

GHSAen

400 chars

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit `runAsUser` attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified `mustRunAsNonRoot: true`, the kubelet will refuse to start the container as root. If the pod did not specify `mustRunAsNonRoot: true`, the kubelet will run the container as uid 0.

NVDes

417 chars

En kubelet v1.13.6 y v1.14.2, los contenedores para pods que no especifican un intento runAsUser explícito de ejecutarse como uid 0 (raíz) en el reinicio del contenedor, o si la imagen se extrajo previamente en el nodo. Si el pod especificado mustRunAsNonRoot: true, el kubelet se negará a iniciar el contenedor como root. Si el pod no especificó mustRunAsNonRoot: true, el kubelet ejecutará el contenedor como uid 0.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	4.9	—	—	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
3.0	Primary	cve.org	4.9	—	—	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
3.0	Secondary	NVD	4.9	1.4	3.4	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Secondary	GHSA	4.9	—	—	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L