x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994

GoVulnBot · 2024-07-18T22:01:11Z

Advisory GHSA-82m2-cv7p-4m75 references a vulnerability in the following Go modules:

Module
k8s.io/kubernetes

Description:
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

References:

ADVISORY: GHSA-82m2-cv7p-4m75
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-5321
FIX: kubernetes/kubernetes@23660a7
FIX: kubernetes/kubernetes@84beb29
FIX: kubernetes/kubernetes@90589b8
FIX: kubernetes/kubernetes@de20330
REPORT: CVE-2024-5321: Incorrect permissions on Windows containers logs kubernetes/kubernetes#126161
WEB: https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0

Cross references:

Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-qh36-44jv-c8xj #617 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/apiserver: GHSA-pmqp-h87c-mr78 #703 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/util/mount: GHSA-wqwf-x5cj-rg56 #886 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2020-8561, GHSA-74j8-88mm-7496 #904 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25735, GHSA-g42g-737j-qx6j #907 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25737, GHSA-mfv7-gq43-w965 #908 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25740, GHSA-vw47-mr44-3jf9 #909 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25741, GHSA-f5f7-6478-qm6p #910 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2020-8554, GHSA-j9wf-vvm6-4r9w #940 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/kubectl: CVE-2021-25743, GHSA-f9jg-8p32-2f55 #983 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2jx2-76rc-2v7v #1492 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-xc8m-28vv-4pjc #1864 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-qc2g-gmh6-95p4 #1891 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-cgcv-5272-97pr #1892 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-f4w6-3rh6-6q4q #1943 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-q4rr-64r9-fwgf #1946 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2jq6-ffph-p4h8 #1959 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-mm7g-f2gg-cw8g #1977 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2h9c-34v6-3qmr #1985 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-q78c-gwqw-jcmc #2170 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-7fxm-f474-hf8w #2330 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-hq6q-c2x6-hmch #2341 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue dummy issue #64
Module k8s.io/kubernetes appears in issue dummy issue #65
Module k8s.io/kubernetes appears in issue dummy issue #66
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-jp32-vmm6-3vf5 #701
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-pxhw-596r-rwq5 #2746
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/apimachinery: GHSA-33c5-9fx5-fvjm #2748
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/kubelet: GHSA-55qj-gj3x-jq9r #2753
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5x96-j797-5qqw #2754
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5xfg-wv98-264m #2755
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/cmd/kubelet: GHSA-r76g-g87f-vw8f #2780

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: k8s.io/kubernetes
      versions:
        - fixed: 1.27.16
        - introduced: 1.28.0
        - fixed: 1.28.12
        - introduced: 1.29.0
        - fixed: 1.29.7
        - introduced: 1.30.0
        - fixed: 1.30.3
      vulnerable_at: 1.30.2
summary: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
cves:
    - CVE-2024-5321
ghsas:
    - GHSA-82m2-cv7p-4m75
references:
    - advisory: https://github.com/advisories/GHSA-82m2-cv7p-4m75
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-5321
    - fix: https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa
    - fix: https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a
    - fix: https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190
    - fix: https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1
    - report: https://github.com/kubernetes/kubernetes/issues/126161
    - web: https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0
source:
    id: GHSA-82m2-cv7p-4m75
    created: 2024-07-18T22:01:11.24326376Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-07-19T16:49:21Z

Change https://go.dev/cl/599636 mentions this issue: data/reports: add 4 unreviewed reports

tatianab added the triaged label Jul 19, 2024

gopherbot closed this as completed in ba32577 Jul 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994

GoVulnBot commented Jul 18, 2024

gopherbot commented Jul 19, 2024

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994

Comments

GoVulnBot commented Jul 18, 2024

gopherbot commented Jul 19, 2024