4.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-11245

GHSA ID

GHSA-r76g-g87f-vw8f

EPSS Score

0.39406%

CWE

CWE-266

Published

4/24/2024

Updated

6/10/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-11245

CVE-2019-11245: Kubelet Incorrect Privilege Assignment

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.

(GitHub Advisory)

4.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-11245

GHSA ID

GHSA-r76g-g87f-vw8f

EPSS Score

0.39406%

CWE

CWE-266

Published

4/24/2024

Updated

6/10/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
k8s.io/kubernetes/cmd/kubelet	go	>= 1.14.0, < 1.14.3	1.14.3
k8s.io/kubernetes/cmd/kubelet	go	>= 1.13.0, < 1.13.7	1.13.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

In ku**l*t v*.**.* *n* v*.**.*, *ont*in*rs *or po*s t**t *o not sp**i*y *n *xpli*it `run*sUs*r` *tt*mpt to run *s ui* * (root) on *ont*in*r r*st*rt, or i* t** im*** w*s pr*viously pull** to t** no**. I* t** po* sp**i*i** `mustRun*sNonRoot: tru*`, t**

Reasoning

No *n*lysis *v*il**l*

4.9

Basic Information

Concerned about an active attack path?

CVE-2019-11245: Kubelet Incorrect Privilege Assignment

4.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI