github.com/kubernetes/kubernetes is vulnerable to Improper Access Control. The vulnerability exists in the verifyRunAsNonRoot function of security_context_windows.go because the logic for checking user names was case sensitive, which could allow the runAsNonRoot flag for Windows containers to be bypassed.
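The following added example models the flaw and its correction; it is not the Kubernetes source. It assumes the user name being checked is `ContainerAdministrator`, the built-in administrative account in Windows containers, and the function names, the simplified nil handling and the sample inputs are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// windowsRootUser is the root-equivalent account assumed for this model.
const windowsRootUser = "ContainerAdministrator"

// isRootCaseSensitive models the flawed check: an exact, case-sensitive match.
func isRootCaseSensitive(runAsUserName string) bool {
	return runAsUserName == windowsRootUser
}

// isRootCaseInsensitive models the corrected check. Windows account names are
// case-insensitive, so the comparison has to fold case as well.
func isRootCaseInsensitive(runAsUserName string) bool {
	return strings.EqualFold(runAsUserName, windowsRootUser)
}

// verifyNonRoot (hypothetical helper) returns an error when runAsNonRoot is
// set and isRoot classifies the requested user as the administrative account.
func verifyNonRoot(runAsNonRoot bool, runAsUserName *string, isRoot func(string) bool) error {
	if !runAsNonRoot || runAsUserName == nil {
		return nil // simplification: this model has nothing else to check
	}
	if isRoot(*runAsUserName) {
		return fmt.Errorf("runAsNonRoot is set but user %q is the administrative account", *runAsUserName)
	}
	return nil
}

func main() {
	// Constructed sample values, not taken from the advisory.
	names := []string{"ContainerAdministrator", "containeradministrator",
		"CONTAINERADMINISTRATOR", "ContainerUser"}
	for _, name := range names {
		before := verifyNonRoot(true, &name, isRootCaseSensitive)
		after := verifyNonRoot(true, &name, isRootCaseInsensitive)
		fmt.Printf("%-24s case-sensitive rejects=%-5v case-insensitive rejects=%v\n",
			name, before != nil, after != nil)
	}
}
```

Any policy or admission check that matches Windows account names against a deny list needs the same case-folded comparison.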
github.com/kubernetes/kubernetes/commit/588ff515bc349b213f5547a2231fb2dd58f8a177
github.com/kubernetes/kubernetes/commit/6b45bddbbd8f8f4882de9b4cf782b60d12b6b6f8
github.com/kubernetes/kubernetes/commit/76f969d9206e8e7d7ee78cae947b2b2551b944e2
github.com/kubernetes/kubernetes/commit/f58d3f3fe58451d4ade50786b2a188043fa504a2
github.com/kubernetes/kubernetes/issues/112192
groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA