[Security Advisory] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

Hello Kubernetes Community,

A security issue was discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

This issue has been rated low and assigned CVE-2021-25749.

Am I vulnerable?

All Kubernetes clusters running one of the following kubelet versions and running Windows workloads that set runAsNonRoot are impacted.

Affected Versions

  • kubelet v1.20 - v1.21
  • kubelet v1.22.0 - v1.22.13
  • kubelet v1.23.0 - v1.23.10
  • kubelet v1.24.0 - v1.24.4

How do I mitigate this vulnerability?

There are no known mitigations for this vulnerability other than upgrading to a fixed version.

Fixed Versions

  • kubelet v1.22.14
  • kubelet v1.23.11
  • kubelet v1.24.5
  • kubelet v1.25.0

To upgrade, refer to this documentation. For core Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster

Detection

Kubernetes audit logs may show pods whose Windows runAsUserName is a misspelled variant of ContainerAdministrator (for example, a different letter case), used to bypass the restriction on which user a pod is allowed to run as.
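The paragraph above only says that audit logs may reveal a misspelled user name. The following Go program, an added example that is not code from the Kubernetes project or from this advisory, scans newline-delimited audit events (audit.k8s.io/v1 at the RequestResponse level, so requestObject is present) and flags every container that requested runAsNonRoot while naming the administrator account in a non-canonical spelling. The premise that affected kubelets compared the name exactly, so that a letter-case variant is the signature to look for, is this example's own assumption, and the sample events are constructed.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// windowsRootUserName is the account the kubelet treats as root on Windows.
const windowsRootUserName = "ContainerAdministrator"

// bypassSpelling reports whether name is ContainerAdministrator in a non-canonical
// spelling. This example assumes (it is not the kubelet source) that affected kubelets
// compared the name exactly, so such a spelling passed runAsNonRoot while Windows,
// which resolves account names case-insensitively, still ran the container as admin.
func bypassSpelling(name string) bool {
	return strings.EqualFold(name, windowsRootUserName) && name != windowsRootUserName
}

// secCtx is the part of a pod- or container-level securityContext used here.
// encoding/json matches keys case-insensitively, so untagged fields decode as-is.
type secCtx struct {
	RunAsNonRoot   *bool
	WindowsOptions *struct{ RunAsUserName *string }
}

// auditEvent is the subset of an audit.k8s.io/v1 Event needed for the scan; the
// request body is only recorded at the RequestResponse audit level.
type auditEvent struct {
	Verb          string
	ObjectRef     struct{ Resource, Namespace, Name string }
	RequestObject *struct {
		Spec struct {
			SecurityContext *secCtx
			Containers      []struct {
				Name            string
				SecurityContext *secCtx
			}
		}
	}
}

type finding struct{ Namespace, Pod, Container, UserName string } // one flagged container

// effective merges pod- and container-level settings the way the kubelet does:
// the container value wins when it is set.
func effective(pod, ctr *secCtx) (nonRoot bool, user string) {
	for _, s := range []*secCtx{pod, ctr} {
		if s == nil {
			continue
		}
		if s.RunAsNonRoot != nil {
			nonRoot = *s.RunAsNonRoot
		}
		if s.WindowsOptions != nil && s.WindowsOptions.RunAsUserName != nil {
			user = *s.WindowsOptions.RunAsUserName
		}
	}
	return nonRoot, user
}

// scanAuditLog reads newline-delimited audit events and flags every container that
// asked for runAsNonRoot while naming the administrator account in a bypass spelling.
func scanAuditLog(log string) (findings []finding, err error) {
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		var ev auditEvent
		if err := json.Unmarshal(sc.Bytes(), &ev); err != nil {
			return nil, fmt.Errorf("bad audit line: %w", err)
		}
		// Only create and update carry a full pod spec; reads and patches do not.
		if ev.ObjectRef.Resource != "pods" || (ev.Verb != "create" && ev.Verb != "update") || ev.RequestObject == nil {
			continue
		}
		for _, c := range ev.RequestObject.Spec.Containers {
			if nonRoot, user := effective(ev.RequestObject.Spec.SecurityContext, c.SecurityContext); nonRoot && bypassSpelling(user) {
				findings = append(findings, finding{ev.ObjectRef.Namespace, ev.ObjectRef.Name, c.Name, user})
			}
		}
	}
	return findings, sc.Err()
}

// sampleAuditLog is constructed for this example, not taken from a real cluster.
const sampleAuditLog = `{"verb":"create","objectRef":{"resource":"pods","namespace":"prod","name":"iis-1"},"requestObject":{"spec":{"containers":[{"name":"web","securityContext":{"runAsNonRoot":true,"windowsOptions":{"runAsUserName":"containeradministrator"}}}]}}}
{"verb":"create","objectRef":{"resource":"pods","namespace":"prod","name":"iis-2"},"requestObject":{"spec":{"containers":[{"name":"web","securityContext":{"runAsNonRoot":true,"windowsOptions":{"runAsUserName":"ContainerUser"}}}]}}}
{"verb":"update","objectRef":{"resource":"pods","namespace":"dev","name":"job-7"},"requestObject":{"spec":{"securityContext":{"windowsOptions":{"runAsUserName":"CONTAINERADMINISTRATOR"}},"containers":[{"name":"task","securityContext":{"runAsNonRoot":true}},{"name":"sidecar","securityContext":{"runAsNonRoot":false}}]}}}
{"verb":"get","objectRef":{"resource":"pods","namespace":"dev","name":"job-7"}}`

func main() {
	findings, err := scanAuditLog(sampleAuditLog)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s/%s container %q: runAsNonRoot=true with runAsUserName=%q\n", f.Namespace, f.Pod, f.Container, f.UserName)
	}
}
```

On the constructed input the scan reports iis-1/web (container-level name in lower case) and job-7/task (pod-level name in upper case inherited by a container that set runAsNonRoot), and ignores the exact canonical spelling, which the affected kubelets already rejected. To run it against a real cluster, feed it the API server's audit log file; a policy that records pods at level RequestResponse is required, since Metadata-level events omit requestObject.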

If you find evidence that this vulnerability has been exploited, please contact secu…@kubernetes.io

Additional Details

See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/112192

Acknowledgements

This vulnerability was reported and fixed by Mark Rosetti (@marosset)

Thank You,

Pushkar Joglekar on behalf of the Kubernetes Security Response Committee

Related news

Red Hat Security Advisory 2022-9096-01

Red Hat Security Advisory 2022-9096-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include bypass and denial of service vulnerabilities.

RHSA-2022:9096: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 7.0.0 [security update]

The components for Red Hat OpenShift support for Windows Container 7.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25749: kubelet: runAsNonRoot logic bypass for Windows containers * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter *...
