Security vulnerability in Kubernetes clusters with Windows nodes
CVE-2024-5321

6.1MEDIUM

Key Information:

Vendor: Kubernetes
Status: Kubernetes
Vendor: CVE Published:; 18 July 2024

Summary

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

Affected Version(s)

Kubernetes Windows 1.27.0 <= 1.27.15

Kubernetes Windows 1.28.0 <= 1.28.11

References

https://github.com/kubernetes/kubernetes/issues/126161

issue-tracking

https://groups.google.com/g/kubernetes-security-announce/...

mailing-list

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2024
Vulnerability Reserved
May 24, 2024

Credit

Paulo Gomes @pjbgf, SUSE