Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2019-11245
HistoryMay 31, 2019 - 6:21 a.m.

CVE-2019-11245

2019-05-3106:21:32
redhat.com
access.redhat.com
11

0.0004 Low

EPSS

Percentile

5.1%

JSON

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.

Mitigation

There are two potential mitigations to this issue:

1. Downgrade to kubelet v1.13.5 or v1.14.1 as instructed by your Kubernetes distribution.
2. Set RunAsUser on all pods in the cluster that should not run as root. This is a Security Context feature; the docs are at <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod&gt;

Related

github 1
cve 1
gitlab 1
cvelist 1
nvd 1
debiancve 1
ibm 2
prion 1
osv 3
ubuntucve 1
veracode 1
nessus 1
photon 2
github
github
Kubelet Incorrect Privilege Assignment
2024-04-24 20:03:48
cve
cve
CVE-2019-11245
2019-08-29 01:15:11
gitlab
gitlab
Incorrect Default Permissions
2019-08-29 00:00:00
cvelist
cvelist
CVE-2019-11245 kubelet-started container uid changes to root after first restart or if image is already pulled to the node
2019-05-24 00:00:00
nvd
nvd
CVE-2019-11245
2019-08-29 01:15:11
debiancve
debiancve
CVE-2019-11245
2019-08-29 01:15:11
ibm
ibm
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11245)
2019-12-30 16:06:55
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-1022
2020-03-06 20:58:47
prion
prion
Code injection
2019-08-29 01:15:00
osv
osv
Kubelet Incorrect Privilege Assignment
2024-04-24 20:03:48
CVE-2019-11245
2019-08-29 01:15:11
Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes
2024-06-10 16:39:03
ubuntucve
ubuntucve
CVE-2019-11245
2019-08-29 00:00:00
veracode
veracode
Authorization Bypass
2019-06-03 01:54:20
nessus
nessus
Photon OS 2.0: Kubernetes PHSA-2019-2.0-0177
2019-10-07 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0177
2019-09-30 00:00:00
Critical Photon OS Security Update - PHSA-2019-0177
2019-09-30 00:00:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for RH:CVE-2019-11245
github1cve1gitlab1cvelist1nvd1debiancve1ibm2prion1osv3ubuntucve1veracode1nessus1photon2