Kubernetes CRI-O versions prior to 1.9 contain a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
CVSS v3.0 Score: 8.8 / 10.0 (HIGH)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Information
- Published: 18 May 2018
- Updated: 21 Nov. 2024
- Status: Modified
- Source: cve@mitre.org
Affected products
kubernetes cri-o
Versions: 1.9.0
Weaknesses (CWE)
CWE-269
References
- http://www.securityfocus.com/bid/104262 (Third Party Advisory, VDB Entry)
- https://github.com/kubernetes-incubator/cri-o/pull/1558/files (Patch, Third Party Advisory)