Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104262 | Third Party Advisory VDB Entry |
https://github.com/kubernetes-incubator/cri-o/pull/1558/files | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-18T18:00:00
Updated: 2018-05-25T09:57:01
Reserved: 2018-05-18T00:00:00
Link: CVE-2018-1000400
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-18T18:29:00.233
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-1000400
JSON object: View
Redhat Information
No data.
CWE