CVE Alert

CVE-2021-25749

HIGH 7.8

runAsNonRoot logic bypass for Windows containers

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th

Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. On Windows nodes the kubelet enforces runAsNonRoot by checking the container's configured user name (there is no numeric UID to compare), and affected kubelet versions can pass that check and still start the container as ContainerAdministrator, the built-in administrator account for Windows containers. A pod author who relied on runAsNonRoot: true as the only guard against running as administrator therefore got no protection on affected nodes.

CWE CWE-284
Vendor kubernetes
Product kubernetes
Industries Technology
Published May 24, 2023
Last Updated Jan 16, 2025

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Kubernetes / Kubernetes
kubelet v1.22.0 - v1.22.13 (fixed in v1.22.14)
kubelet v1.23.0 - v1.23.10 (fixed in v1.23.11)
kubelet v1.24.0 - v1.24.4 (fixed in v1.24.5)
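The two checks a cluster operator wants after reading the description and the affected ranges above are (1) which Windows nodes run a kubelet in a vulnerable range, and (2) which pods on Windows rely on runAsNonRoot: true without pinning an explicit non-admin user. The following is an added example written for this page, not code from the advisory or from the Kubernetes project. The node and pod documents are constructed samples shaped like `kubectl get nodes -o json` and `kubectl get pods -A -o json` output; the node and pod names, the helper names, and the Windows-node selector convention (`kubernetes.io/os: windows`) are assumptions for illustration. The version table is taken only from the ranges listed on this page; minors not listed are reported as "not covered" rather than guessed.

```python
"""Operator checks for CVE-2021-25749 (runAsNonRoot bypass on Windows nodes).

Added example, not part of the advisory or the Kubernetes project. SAMPLE_NODES
and SAMPLE_PODS are constructed stand-ins for kubectl JSON output.
"""
import re

# Vulnerable kubelet ranges as listed on this page: minor -> (first bad patch, first fixed patch).
AFFECTED = {22: (0, 14), 23: (0, 11), 24: (0, 5)}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """'v1.24.4+k3s1' -> (1, 24, 4). Raises ValueError on unrecognised input."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised kubelet version: {version!r}")
    return tuple(int(x) for x in m.groups())


def kubelet_affected(version):
    """True if the kubelet is inside a listed vulnerable range, False if it is at or
    past the fix for that minor, None if the minor is not covered by this page."""
    major, minor, patch = parse_version(version)
    if major != 1 or minor not in AFFECTED:
        return None
    first_bad, first_fixed = AFFECTED[minor]
    return first_bad <= patch < first_fixed


def vulnerable_windows_nodes(nodes):
    """Names of Windows nodes whose kubelet version falls in a vulnerable range."""
    return [
        n["metadata"]["name"]
        for n in nodes["items"]
        if n["metadata"].get("labels", {}).get("kubernetes.io/os") == "windows"
        and kubelet_affected(n["status"]["nodeInfo"]["kubeletVersion"])
    ]


def is_container_administrator(user):
    # Windows account names are case-insensitive, so fold before comparing.
    return user is not None and user.casefold() == "containeradministrator"


def pods_relying_on_runasnonroot(pods):
    """(namespace, pod, container, runAsUserName) for containers scheduled to Windows
    that set runAsNonRoot=true but do not pin an explicit non-admin user. Container
    securityContext fields override pod-level ones, as in the Pod API."""
    findings = []
    for p in pods["items"]:
        spec = p["spec"]
        if spec.get("nodeSelector", {}).get("kubernetes.io/os") != "windows":
            continue
        pod_sc = spec.get("securityContext", {})
        for c in spec["containers"]:
            csc = c.get("securityContext", {})
            run_as_non_root = csc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            user = csc.get("windowsOptions", {}).get(
                "runAsUserName", pod_sc.get("windowsOptions", {}).get("runAsUserName"))
            if run_as_non_root and (user is None or is_container_administrator(user)):
                findings.append((p["metadata"]["namespace"], p["metadata"]["name"], c["name"], user))
    return findings


def _node(name, os_label, version):
    return {"metadata": {"name": name, "labels": {"kubernetes.io/os": os_label}},
            "status": {"nodeInfo": {"kubeletVersion": version}}}


def _pod(ns, name, os_label, pod_sc=None, container_sc=None):
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"nodeSelector": {"kubernetes.io/os": os_label},
                     "securityContext": pod_sc or {},
                     "containers": [{"name": "app", "securityContext": container_sc or {}}]}}


# Constructed samples (hypothetical cluster state).
SAMPLE_NODES = {"items": [
    _node("win-node-1", "windows", "v1.24.4"),   # vulnerable
    _node("win-node-2", "windows", "v1.24.5"),   # fixed
    _node("linux-node-1", "linux", "v1.24.4"),   # not a Windows node
]}
SAMPLE_PODS = {"items": [
    _pod("web", "iis-app", "windows", pod_sc={"runAsNonRoot": True}),  # no user pinned
    _pod("web", "hardened", "windows", pod_sc={"runAsNonRoot": True},
         container_sc={"windowsOptions": {"runAsUserName": "ContainerUser"}}),  # fine
    _pod("ops", "legacy-svc", "windows",
         container_sc={"runAsNonRoot": True,
                       "windowsOptions": {"runAsUserName": "containeradministrator"}}),  # admin by another case
    _pod("web", "linux-api", "linux", pod_sc={"runAsNonRoot": True}),  # not in scope
]}

if __name__ == "__main__":
    print("vulnerable Windows nodes:", vulnerable_windows_nodes(SAMPLE_NODES))
    for finding in pods_relying_on_runasnonroot(SAMPLE_PODS):
        print("review:", finding)
```

On a real cluster, feed the functions the parsed output of `kubectl get nodes -o json` and `kubectl get pods -A -o json`. Until every Windows node is on a fixed kubelet, treat each finding as a pod that should set `securityContext.windowsOptions.runAsUserName` to a non-administrator account (ContainerUser is the built-in one) instead of trusting runAsNonRoot alone.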

References

NVD, CVE.org, EPSS Data (external entries for this CVE)
groups.google.com: https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA

Credits

Mark Rosetti (@marosset) of Microsoft