A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

Affected Packages

Go k8s.io/kubernetes

Affected versions: 0 (fixed in 1.27.16)

Go k8s.io/kubernetes

Affected versions: 1.28.0 (fixed in 1.28.12)

Go k8s.io/kubernetes

Affected versions: 1.29.0 (fixed in 1.29.7)

Go k8s.io/kubernetes

Affected versions: 1.30.0 (fixed in 1.30.3)

Related CVEs

CVE-2024-5321

Key Information

GHSA ID

GHSA-82m2-cv7p-4m75

Published

July 18, 2024 9:30 PM

Last Modified

November 18, 2024 4:26 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

k8s.io/kubernetes

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.