Permissions, Privileges, and Access Controls in Kubelet - CVE-2021-25749
Published: January 30, 2023
Vulnerability identifier: #VU71640
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-25749
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Kubernetes
Affected software:
Kubelet
Kubelet
Detailed vulnerability description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due incorrect privilege management. Windows workloads can be executed with the ContainerAdministrator privileges even when the runAsNonRoot option is set to "true".
How to mitigate CVE-2021-25749
Install updates from vendor's website.