Описание
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
FAQ
How do I know if I need to install the update?
Customer should verify if they are running virtual nodes or virtual-kubelet by running the following command:
kubectl get nodes -o wide, the kubelet version will report like vk-<version>
Which virtual node version versions are affected?
The affected versions are v1.18.4-vk-azure-aci-v1.3.2 (virtual node version below this should do an upgrade.)
Where can I install the update?
Customers using Azure Kubernetes Service are automatically upgraded with the new patched version. If you are installing using the helm chart or image, you can update the image reference to mcr.microsoft.com/oss/virtual-kubelet/virtual-kubelet:1.3.2
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Уязвимость службы Microsoft Azure Kubernetes операционной системы Windows, позволяющая нарушителю повысить свои привилегии
EPSS
6.8 Medium
CVSS3