Kubernetes · Kubelet · CVE-2019-11245
**Name of the Vulnerable Software and Affected Versions**
kubelet versions 1.13.6 through 1.14.2
**Description**
Containers for pods that do not specify an explicit `runAsUser` attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specifies `mustRunAsNonRoot: true`, the kubelet refuses to start the container as root. If the pod does not specify `mustRunAsNonRoot: true`, the kubelet runs the container as uid 0.
**Recommendations**
For kubelet versions 1.13.6 through 1.14.2, consider specifying `mustRunAsNonRoot: true` for pods to prevent them from running as root. As a temporary workaround, ensure that all pods specify an explicit `runAsUser` to avoid running containers as uid 0. Restrict access to containers that do not specify `mustRunAsNonRoot: true` to minimize the risk of exploitation.