CVE-2024-5321: Kubernetes sets incorrect permissions on Windows containers logs
(updated )
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
References
- github.com/advisories/GHSA-82m2-cv7p-4m75
- github.com/kubernetes/kubernetes
- github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa
- github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a
- github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190
- github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1
- github.com/kubernetes/kubernetes/issues/126161
- groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0
- nvd.nist.gov/vuln/detail/CVE-2024-5321
Code Behaviors & Features
Detect and mitigate CVE-2024-5321 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →