CVE-2019-11245

MEDIUM

Kubernetes < 1.14.3 - Access Control

Title source: rule

Description

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.

References (2)

[Exploit, Patch, Third Party Advisory] https://github.com/kubernetes/kubernetes/issues/78308

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20190919-0003/

Scores

CVSS v3 4.9

EPSS 0.0015

EPSS Percentile 35.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-703 CWE-264

Status published

Products (3)

kubernetes/cmd 1.14.0 - 1.14.3Go

kubernetes/kubernetes 1.13.6

kubernetes/kubernetes 1.14.2

Published Aug 29, 2019

Tracked Since Feb 18, 2026