March 27, 2023

A new bug has been discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

The bug tracked as CVE-2021-25749, that enabled Windows workloads to run as Kubernetes Container Administrator in their containers even when the runAsNonRoot option is set to true.

This can be spotted if someone is trying to exploit this by checking your Kubernetes Audit logs for misspelled user names. These might be proof of someone trying to bypass the user pod restriction.

Advertisements

With a CVSS score of 3.8. Still, Red Hat’s security team notes that both its attack complexity and the privileges required to pull off an attack with it are high.

There is no way to mitigate it. It affects the following Kubelet versions.

  • kubelet v1.20 – v1.21
  • kubelet v1.22.0 – v1.22.13
  • kubelet v1.23.0 – v1.23.10
  • kubelet v1.24.0 – v1.24.4

Just upgrade to the next version. These are:

  • kubelet v1.22.14
  • kubelet v1.23.11
  • kubelet v1.23.5
  • kubelet v1.25.0
Tags:

Leave a Reply

You may have missed

Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
CatB Ransomware Dissection

CatB Ransomware Dissection

March 26, 2023
Microsoft Patches Acropalypse Vulnerability

Microsoft Patches Acropalypse Vulnerability

March 26, 2023
TheCyberThrone Security Week In Review – March 25th, 2023

TheCyberThrone Security Week In Review – March 25th, 2023

March 26, 2023
ChatGPT for Google- Harvest Facebook Accounts

ChatGPT for Google- Harvest Facebook Accounts

March 26, 2023
%d bloggers like this: