cbcvebase.
CVE-2019-11245
published 2019-08-29


Priority: P337, high, 7.8 (CVSS 3.0)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.60% (44.2th percentile)

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.

Affected

9 ranges

Vendor      Product                 Version range         Fixed in
debian      kubernetes
k8s.io      kubernetes              >= 1.13.0 < 1.13.7    1.13.7
k8s.io      kubernetes              >= 1.14.0 < 1.14.3    1.14.3
k8s.io      kubernetes_cmd_kubelet  >= 1.13.0 < 1.13.7    1.13.7
k8s.io      kubernetes_cmd_kubelet  >= 1.14.0 < 1.14.3    1.14.3
kubernetes  kubernetes
kubernetes  kubernetes
kubernetes  kubernetes
kubernetes  kubernetes

CVSS provenance

nvd            v3.0  7.8  HIGH    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd            v2.0  4.6  MEDIUM  AV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_debian        4.9  LOW
vendor_redhat        4.9  MEDIUM