CVE-2019-11245
Last modified
CVE-2019-11245 is a vulnerability of currently unknown severity. In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | 1.13.6 |
| Kubernetes | Kubernetes | 1.14.2 |
References
- https://github.com/kubernetes/kubernetes/issues/78308Exploit, Patch, Third Party Advisory
- https://github.com/kubernetes/kubernetes/issues/78308Exploit, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11245?
How severe is CVE-2019-11245?
How do I fix CVE-2019-11245?
Are you affected by CVE-2019-11245?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST