SB2023013031 - Privilege escalation in Kubernetes Kubelet
Published: January 30, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-25749)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due incorrect privilege management. Windows workloads can be executed with the ContainerAdministrator privileges even when the runAsNonRoot option is set to "true".
Remediation
Install update from vendor's website.