oss-sec mailing list archives
[kubernetes] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers
From: Pushkar Joglekar <pushkarj.at.work () gmail com>
Date: Thu, 15 Sep 2022 14:49:36 -0700
Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true . This issue has been rated low and assigned CVE-2021-25749 <https://hackmd.io/ndl5QD3tTUKqYdO7rfGX7A#Am-I-vulnerable>Am I vulnerable? All Kubernetes clusters with following versions, running Windows workloads with runAsNonRoot are impacted. Affected Versions - kubelet v1.20 - v1.21 - kubelet v1.22.0 - v1.22.13 - kubelet v1.23.0 - v1.23.10 - kubelet v1.24.0 - v1.24.4 How do I mitigate this vulnerability? There are no known mitigations to this vulnerability. <https://hackmd.io/ndl5QD3tTUKqYdO7rfGX7A#Fixed-Versions>Fixed Versions - kubelet v1.22.14 - kubelet v1.23.11 - kubelet v1.23.5 - kubelet v1.25.0 To upgrade, refer to this documentation. *For core Kubernetes:* https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster Detection Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as. If you find evidence that this vulnerability has been exploited, please contact security () kubernetes io Additional Details See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/112192 Acknowledgements This vulnerability was reported and fixed by Mark Rosetti (@marosset) Thank You, Pushkar Joglekar on behalf of the Kubernetes Security Response Committee
Current thread:
- [kubernetes] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers Pushkar Joglekar (Sep 15)