CVE-2019-11245: Incorrect Default Permissions
(updated )
In kubelet, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true
, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true
, the kubelet will run the container as uid 0.
References
Detect and mitigate CVE-2019-11245 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →