Kubernetes CRI-O versions prior to 1.9 contain a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, giving users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
CVSS v3.0 score: 8.8 / 10.0 (HIGH)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Information
- Published: 18 May 2018
- Updated: 21 Nov 2024
- Status: Modified
- Source: cve@mitre.org
Affected products
kubernetes cri-o
Versions: 1.9.0
Weaknesses (CWE)
CWE-269
References
- http://www.securityfocus.com/bid/104262 (Third Party Advisory, VDB Entry)
- https://github.com/kubernetes-incubator/cri-o/pull/1558/files (Patch, Third Party Advisory)