VDB

GCVE-110-CLOUD-2021-0031

GCVE-110-CLOUD-2021-0031
Advisory Published
Vulnetix · Advisory published February 15, 2021
An attacker could gain root privileges on their Azure Cloud Shell container, escape from the container, and then gain root privileges on the underlying node, the root cause being an insecure kubelet port (10250), among other cluster misconfigurations. Once they could access the node filesystem, an attacker could extract kubelet API credentials which allowed listing all pods and nodes in the cluster, including those belonging to other tenants. Moreover, an attacker could bypass RBAC policies in the cluster by deploying a pod with the "NodeSelector" flag, and thereby escalate their privileges to root on other tenants' containers (the same issue affected Azure Container Instances).

Affected Products

VendorProductVersionsPlatforms
AzureContainer Instances

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›