Lucene search
Veracode Vulnerability DatabaseVERACODE:40699HistoryMay 26, 2023 - 6:54 a.m.
Improper Access Control
2023-05-2606:54:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
github
kubernetes
vulnerability
security context windows
bypassing
runasnonroot flag
EPSS
0
Percentile
9.0%
github.com/kubernetes/kubernetes is vulnerable to Improper Access Control. The vulnerability exists in the verifyRunAsNonRoot function of security_context_windows.go because the logic for checking user names was case sensitive, which could bypass the Windows containers’ runAsNonRoot flag.
References
github.com/kubernetes/kubernetes/commit/588ff515bc349b213f5547a2231fb2dd58f8a177
github.com/kubernetes/kubernetes/commit/6b45bddbbd8f8f4882de9b4cf782b60d12b6b6f8
github.com/kubernetes/kubernetes/commit/76f969d9206e8e7d7ee78cae947b2b2551b944e2
github.com/kubernetes/kubernetes/commit/f58d3f3fe58451d4ade50786b2a188043fa504a2
github.com/kubernetes/kubernetes/issues/112192
groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA
Related
osv
osv
CGA-hcj5-q2xc-q799
2024-06-06 12:27:41
CVE-2021-25749
2023-05-24 17:15:09
prion
prion
Design/Logic Flaw
2023-05-24 17:15:00
nvd
nvd
CVE-2021-25749
2023-05-24 17:15:09
cvelist
cvelist
CVE-2021-25749 runAsNonRoot logic bypass for Windows containers
2023-05-24 00:00:00
redhatcve
redhatcve
CVE-2021-25749
2022-09-19 05:43:26
debiancve
debiancve
CVE-2021-25749
2023-05-24 17:15:09
cve
cve
CVE-2021-25749
2023-05-24 17:15:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2292-1)
2023-05-29 00:00:00
nessus
nessus
SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2023:2292-1)
2023-05-26 00:00:00
redhat
redhat