From ecfc7f189d3fe16c43c9f04af520a7566b81107f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Thu, 10 Nov 2022 19:43:53 +0100 Subject: [PATCH] Add CVE-2021-25749 to CHANGELOG-1.23.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- CHANGELOG/CHANGELOG-1.23.md | 49 +++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/CHANGELOG/CHANGELOG-1.23.md b/CHANGELOG/CHANGELOG-1.23.md index 84c864796e0..632fbb3f058 100644 --- a/CHANGELOG/CHANGELOG-1.23.md +++ b/CHANGELOG/CHANGELOG-1.23.md @@ -56,6 +56,7 @@ - [Changelog since v1.23.10](#changelog-since-v12310) - [Important Security Information](#important-security-information-1) - [CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)](#cve-2022-3172-aggregated-api-server-can-cause-clients-to-be-redirected-ssrf) + - [CVE-2021-25749: `runAsNonRoot` logic bypass for Windows containers](#cve-2021-25749-runasnonroot-logic-bypass-for-windows-containers) - [Changes by Kind](#changes-by-kind-3) - [Bug or Regression](#bug-or-regression-3) - [Dependencies](#dependencies-3) 
@@ -803,6 +804,54 @@ This vulnerability was reported by Nicolas Joly & Weinong Wang from Microsoft **CVSS Rating:** Medium (5.1) [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L) +### CVE-2021-25749: `runAsNonRoot` logic bypass for Windows containers + +A security issue was discovered in Kubernetes that could allow Windows workloads to run as `ContainerAdministrator` even when those workloads set the `runAsNonRoot` option to `true `. + +This issue has been rated low and assigned CVE-2021-25749 + +**Am I vulnerable?** + +All Kubernetes clusters with following versions, running Windows workloads with `runAsNonRoot` are impacted + +**Affected Versions**: + +- kubelet v1.20 - v1.21 +- kubelet v1.22.0 - v1.22.13 +- kubelet v1.23.0 - v1.23.10 +- kubelet v1.24.0 - v1.24.4 + +**How do I mitigate this vulnerability?** + +There are no known mitigations to this vulnerability. + +**Fixed Versions**: + +- kubelet v1.22.14 +- kubelet v1.23.11 +- kubelet v1.24.5 +- kubelet v1.25.0 + + +To upgrade, refer to this documentation _For core Kubernetes:_ https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster + +**Detection**: + +Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as. + +If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io + +**Additional Details**: + +See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/112192 + +**Acknowledgements**: + +This vulnerability was reported and fixed by Mark Rosetti (@marosset) + + +**CVSS Rating:** Low (3.4) [CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C) + ## Changes by Kind ### Bug or Regression
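Review bot: The table-of-contents hunk (`@@ -56,6 +56,7 @@`) adds the CVE-2021-25749 entry only to CHANGELOG-1.23.md (the diffstat shows 1 file changed), while the advisory text in the second hunk lists fixes in kubelet v1.22.14, v1.24.5 and v1.25.0 as well. Please confirm that the changelogs for those release lines carry the same section, or say in the commit message why only 1.23 is updated here. The anchor `#cve-2021-25749-runasnonroot-logic-bypass-for-windows-containers` does match the new `###` heading, so the link itself is fine.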
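Review bot: In the `@@ -803,6 +804,54 @@` hunk, the **Detection** paragraph does not tell a reader what to search for: it says audit logs "may indicate if the user name was misspelled" but names neither the pod field to inspect nor what a misspelled value looks like. Suggest naming the field and the pattern, or pointing to the exact part of issue 112192 that describes it. The affected list includes "kubelet v1.20 - v1.21" but **Fixed Versions** has no release for those lines, and the mitigation paragraph says only "There are no known mitigations"; state explicitly that upgrading to a listed fixed version is the remedy and that 1.20/1.21 users must move to a later minor. Smaller points in the same hunk: `true ` has a stray space inside the backticks; "rated low and assigned CVE-2021-25749" and "with `runAsNonRoot` are impacted" lack final periods; "with following versions" should read "with the following versions"; and the upgrade sentence keeps the template fragment `_For core Kubernetes:_` in the middle of the line.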