CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.3%
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\UsersΒ may be able to read container logs and NT AUTHORITY\Authenticated UsersΒ may be able to modify container logs.
Vendor | Product | Version | CPE |
---|---|---|---|
k8s.io | kubernetes | * | cpe:2.3:a:k8s.io:kubernetes:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-82m2-cv7p-4m75
github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa
github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a
github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190
github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1
github.com/kubernetes/kubernetes/issues/126161
groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0
nvd.nist.gov/vuln/detail/CVE-2024-5321