Описание
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
Ссылки
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
4.9 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specif ...
EPSS
4.9 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2