CVE-2024-5321

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Usersmay be able to read container logs and NT AUTHORITY\Authenticated Usersmay be able to modify container logs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
kubernetesCNA
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
kubernetes
bullseye
1.20.5+really1.20.2-1
fixed
bookworm
1.20.5+really1.20.2-1.1
fixed
sid
1.32.3+ds-1
fixed
trixie
1.32.3+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kubernetes
plucky
dne
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
Common Weakness Enumeration
References
https://github.com/kubernetes/kubernetes/issues/126161
https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0
http://www.openwall.com/lists/oss-security/2024/07/17/3
https://github.com/kubernetes/kubernetes/issues/126161
https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0