CVE-2024-5321 MEDIUM

CVE-2024-5321: Incorrect permissions on Windows containers logs

Vendor Kubernetes
Product Kubernetes
Weakness CWE-276
Published July 18, 2024
Last update September 13, 2024

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

Key dates

02Disclosure timeline

July 18, 2024 CVE published
September 13, 2024 Record updated