Kubernetes sets incorrect permissions on Windows containers logs

Moderate severity GitHub Reviewed Published Jul 18, 2024 to the GitHub Advisory Database • Updated Aug 7, 2024

Package

gomod k8s.io/kubernetes (Go)

Affected versions

< 1.27.16
>= 1.28.0, < 1.28.12
>= 1.29.0, < 1.29.7
>= 1.30.0, < 1.30.3

Patched versions

1.27.16
1.28.12
1.29.7
1.30.3

Description

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
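To check a Windows node for the two grants described above, the following added example (not part of the advisory or of Kubernetes) lists allow entries for those principals on a log directory tree. `$LogRoot` is an operator-supplied assumption, since the advisory does not name the directory; the principals are matched by their well-known SIDs so the check also works on localized Windows installs.

```powershell
param(
    [Parameter(Mandatory = $true)]
    [string]$LogRoot   # assumption: the node's container log directory, supplied by the operator
)

# Well-known SIDs for the two principals named in the advisory.
$principals = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
}

# Access bits that permit reading or changing log data. The 0x... values are the
# generic rights (GENERIC_READ, GENERIC_WRITE, GENERIC_ALL) that can appear unmapped.
$fsr       = [System.Security.AccessControl.FileSystemRights]
$readBits  = [int]$fsr::ReadData -bor 0x80000000 -bor 0x10000000
$writeBits = [int]($fsr'WriteData, AppendData, Delete') -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Audit the root directory itself plus everything beneath it.
$items = @(Get-Item -LiteralPath $LogRoot -Force) +
         @(Get-ChildItem -LiteralPath $LogRoot -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl   = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs instead of translated account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }        # deny entries are not evaluated here
        if (-not $principals.ContainsKey($sid)) { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }  # entry does not apply to this object
        $rights = [int]$ace.FileSystemRights
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $principals[$sid]
            CanRead   = ($rights -band $readBits) -ne 0
            CanModify = ($rights -band $writeBits) -ne 0
            Inherited = $ace.IsInherited
        }
    }
}

# Report only entries that actually grant read or modify access.
$findings | Where-Object { $_.CanRead -or $_.CanModify } |
    Sort-Object Path, Principal | Format-Table -AutoSize
```

An empty result means neither principal holds an allow entry for read or modify on the tree; the script reports ACL entries only and does not compute effective access after deny entries.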

References

Published by the National Vulnerability Database Jul 18, 2024
Published to the GitHub Advisory Database Jul 18, 2024
Reviewed Jul 18, 2024
Last updated Aug 7, 2024

Severity

Moderate

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2024-5321

GHSA ID

GHSA-82m2-cv7p-4m75

Source code
