CVE-2024-5321

2024-07-1819:15:12

CWE-276

kubernetes

web.nvd.nist.gov

kubernetes

windows nodes

unauthorized access

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

9.3%

JSON

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

CNA Affected

[
  {
    "vendor": "Kubernetes",
    "product": "Kubernetes",
    "platforms": [
      "Windows"
    ],
    "repo": "https://github.com/kubernetes/kubernetes",
    "modules": [
      "kubelet"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.27.0",
        "lessThanOrEqual": "1.27.15",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.28.0",
        "lessThanOrEqual": "1.28.11",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.29.0",
        "lessThanOrEqual": "1.29.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.30.0",
        "lessThanOrEqual": "1.30.2",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "1.27.16"
      },
      {
        "status": "unaffected",
        "version": "1.28.12"
      },
      {
        "status": "unaffected",
        "version": "1.29.7"
      },
      {
        "status": "unaffected",
        "version": "1.30.3"
      }
    ],
    "defaultStatus": "affected"
  }
]