CVE-2021-25749

Summary

Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

Affected Software

VendorProductVersion RangeStatus
KubernetesKuberneteskubelet v1.22.0 - v1.22.13 < v1.22.14affected
KubernetesKuberneteskubelet v1.23.0 - v1.23.10 < v1.23.11affected
KubernetesKuberneteskubelet v1.24.0 - v1.24.4 < v1.24.5affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References