CGA-x3vx-vp4r-24x8

Published

Last updated

https://images.chainguard.dev/security/CGA-x3vx-vp4r-24x8

Package

argo-cd-2.8

Repository

Chainguard

Latest Update

Fix not planned

Aliases

GHSA-82m2-cv7p-4m75

Severity

Unknown

Summary

Kubernetes sets incorrect permissions on Windows containers logs

Description

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

References

https://github.com/advisories/GHSA-82m2-cv7p-4m75
https://nvd.nist.gov/vuln/detail/CVE-2024-5321
https://github.com/kubernetes/kubernetes/issues/126161
https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa
https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a
https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190
https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1
https://github.com/kubernetes/kubernetes
https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-x3vx-vp4r-24x8

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources