CloudBees Kubernetes recommendations for Docker CVE-2019-5736

Article ID:360024369331

Issue

On Monday, February 11, 2019, a critical vulnerability, CVE-2019-5736, was announced for Docker.

Environment

  • Your Kubernetes Cluster

Recommendations

While CloudBees does not provide Kubernetes support, we realize that many of our customers may have questions about this CVE and look to us for guidance and direction. This article offers our recommendations and provides links to additional resources.

Background

The vulnerability is tracked as CVE-2019-5736. Its entry in the National Vulnerability Database, CVE-2019-5736, is awaiting analysis.

Update runc to address a critical vulnerability that allows specially crafted containers to gain administrative privileges on the host.

Recommendations

CloudBees recommends that customers follow the recommendations provided by Kubernetes to mitigate the risk: Kubernetes Recommendation for CVE-2019-5736.

Recommendations for customers using a managed Kubernetes solution.

CloudBees customers using GKE or EKS should follow the guidelines recommended by their provider, linked below.

Here are links to security bulletins for GKE and EKS.