October 3, 2023

A new bug has been discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

The bug tracked as CVE-2021-25749, that enabled Windows workloads to run as Kubernetes Container Administrator in their containers even when the runAsNonRoot option is set to true.

This can be spotted if someone is trying to exploit this by checking your Kubernetes Audit logs for misspelled user names. These might be proof of someone trying to bypass the user pod restriction.

Advertisements

With a CVSS score of 3.8. Still, Red Hat’s security team notes that both its attack complexity and the privileges required to pull off an attack with it are high.

There is no way to mitigate it. It affects the following Kubelet versions.

  • kubelet v1.20 – v1.21
  • kubelet v1.22.0 – v1.22.13
  • kubelet v1.23.0 – v1.23.10
  • kubelet v1.24.0 – v1.24.4

Just upgrade to the next version. These are:

  • kubelet v1.22.14
  • kubelet v1.23.11
  • kubelet v1.23.5
  • kubelet v1.25.0
Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: