Date: Thu, 15 Sep 2022 14:49:36 -0700 From: Pushkar Joglekar <pushkarj.at.work@...il.com> To: oss-security@...ts.openwall.com Subject: [kubernetes] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true . This issue has been rated low and assigned CVE-2021-25749 <https://hackmd.io/ndl5QD3tTUKqYdO7rfGX7A#Am-I-vulnerable>Am I vulnerable? All Kubernetes clusters with following versions, running Windows workloads with runAsNonRoot are impacted. Affected Versions - kubelet v1.20 - v1.21 - kubelet v1.22.0 - v1.22.13 - kubelet v1.23.0 - v1.23.10 - kubelet v1.24.0 - v1.24.4 How do I mitigate this vulnerability? There are no known mitigations to this vulnerability. <https://hackmd.io/ndl5QD3tTUKqYdO7rfGX7A#Fixed-Versions>Fixed Versions - kubelet v1.22.14 - kubelet v1.23.11 - kubelet v1.23.5 - kubelet v1.25.0 To upgrade, refer to this documentation. *For core Kubernetes:* https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster Detection Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as. If you find evidence that this vulnerability has been exploited, please contact security@...ernetes.io Additional Details See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/112192 Acknowledgements This vulnerability was reported and fixed by Mark Rosetti (@marosset) Thank You, Pushkar Joglekar on behalf of the Kubernetes Security Response Committee
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.