{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5321", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2024-05-24T15:17:53.856Z", "datePublished": "2024-07-18T18:15:25.270Z", "dateUpdated": "2024-09-13T17:05:30.545Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2024-09-06T14:15:20.038Z"}, "title": "Incorrect permissions on Windows containers logs", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "affected": [{"vendor": "Kubernetes", "product": "Kubernetes", "platforms": ["Windows"], "repo": "https://github.com/kubernetes/kubernetes", "modules": ["kubelet"], "versions": [{"status": "affected", "version": "1.27.0", "lessThanOrEqual": "1.27.15", "versionType": "semver"}, {"status": "affected", "version": "1.28.0", "lessThanOrEqual": "1.28.11", "versionType": "semver"}, {"status": "affected", "version": "1.29.0", "lessThanOrEqual": "1.29.6", "versionType": "semver"}, {"status": "affected", "version": "1.30.0", "lessThanOrEqual": "1.30.2", "versionType": "semver"}, {"status": "unaffected", "version": "1.27.16"}, {"status": "unaffected", "version": "1.28.12"}, {"status": "unaffected", "version": "1.29.7"}, {"status": "unaffected", "version": "1.30.3"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users\u00a0may be able to read container logs and NT AUTHORITY\\Authenticated Users\u00a0may be able to modify container logs.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A security issue was discovered in Kubernetes clusters with Windows nodes where <code>BUILTIN\\Users</code>&nbsp;may be able to read container logs and <code>NT AUTHORITY\\Authenticated Users</code>&nbsp;may be able to modify container logs.</p><br>"}]}], "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/126161", "tags": ["issue-tracking"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "tags": ["mailing-list"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Paulo Gomes @pjbgf, SUSE", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T19:30:40.540454Z", "id": "CVE-2024-5321", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T19:30:48.148Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/126161", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/17/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-13T17:05:30.545Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/126161", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/17/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-13T17:05:30.545Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-18T19:30:40.540454Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T19:30:45.520Z"}}], "cna": {"title": "Incorrect permissions on Windows containers logs", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Paulo Gomes @pjbgf, SUSE"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/kubernetes", "vendor": "Kubernetes", "modules": ["kubelet"], "product": "Kubernetes", "versions": [{"status": "affected", "version": "1.27.0", "versionType": "semver", "lessThanOrEqual": "1.27.15"}, {"status": "affected", "version": "1.28.0", "versionType": "semver", "lessThanOrEqual": "1.28.11"}, {"status": "affected", "version": "1.29.0", "versionType": "semver", "lessThanOrEqual": "1.29.6"}, {"status": "affected", "version": "1.30.0", "versionType": "semver", "lessThanOrEqual": "1.30.2"}, {"status": "unaffected", "version": "1.27.16"}, {"status": "unaffected", "version": "1.28.12"}, {"status": "unaffected", "version": "1.29.7"}, {"status": "unaffected", "version": "1.30.3"}], "platforms": ["Windows"], "defaultStatus": "affected"}], "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/126161", "tags": ["issue-tracking"]}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "tags": ["mailing-list"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users\u00a0may be able to read container logs and NT AUTHORITY\\Authenticated Users\u00a0may be able to modify container logs.", "supportingMedia": [{"type": "text/html", "value": "<p>A security issue was discovered in Kubernetes clusters with Windows nodes where <code>BUILTIN\\Users</code>&nbsp;may be able to read container logs and <code>NT AUTHORITY\\Authenticated Users</code>&nbsp;may be able to modify container logs.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2024-09-06T14:15:20.038Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5321", "state": "PUBLISHED", "dateUpdated": "2024-09-13T17:05:30.545Z", "dateReserved": "2024-05-24T15:17:53.856Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2024-07-18T18:15:25.270Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users\u00a0may be able to read container logs and NT AUTHORITY\\Authenticated Users\u00a0may be able to modify container logs."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en cl\u00fasteres de Kubernetes con nodos de Windows donde BUILTIN\\Users pueden leer registros de contenedores y NT AUTHORITY\\Authenticated Users pueden modificar registros de contenedores."}], "id": "CVE-2024-5321", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2024-07-18T19:15:12.607", "references": [{"source": "jordan@liggitt.net", "url": "https://github.com/kubernetes/kubernetes/issues/126161"}, {"source": "jordan@liggitt.net", "url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/07/17/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/kubernetes/kubernetes/issues/126161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6734", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v7.2.2-14", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6734", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "openshift4-wincw/windows-machine-config-rhel8-operator:7.2.2-14", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6461", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v8.1.3-14", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6461", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4-wincw/windows-machine-config-rhel9-operator:8.1.3-16", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6460", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4-wincw/windows-machine-config-operator-bundle:v9.0.3-12", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6460", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4-wincw/windows-machine-config-rhel9-operator:9.0.3-12", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6460", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4/windows-machine-config-operator-bundle:v9.0.3-12", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-09T00:00:00Z"}], "bugzilla": {"description": "kubelet: Incorrect permissions on Windows containers logs", "id": "2298752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298752"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "status": "verified"}, "cwe": "CWE-276", "details": ["A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users\u00a0may be able to read container logs and NT AUTHORITY\\Authenticated Users\u00a0may be able to modify container logs.", "A flaw was found in Kubernetes clusters with Windows nodes. BUILTIN\\Users\u00a0may be able to read container logs and NT AUTHORITY\\Authenticated Users\u00a0may be able to modify container logs."], "name": "CVE-2024-5321", "public_date": "2024-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-5321\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5321\nhttps://github.com/kubernetes/kubernetes/issues/126161\nhttps://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0"], "threat_severity": "Moderate"}

{}