PT-2018-10136 · Red Hat · Openshift Container Platform

Sam Fowler

Publicado

2018-07-02

Atualizado

2019-10-09

CVE-2018-10843

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Openshift Container Platform versions prior to atomic-openshift 3.7.53 Openshift Container Platform versions prior to atomic-openshift 3.9.31

Description The issue allows for privilege escalation, enabling the assemble script to run as the root user in a non-privileged container. This could allow an attacker to open network connections and possibly perform other actions on the host that are normally only available to a root user.

Recommendations For versions prior to atomic-openshift 3.7.53, update to atomic-openshift 3.7.53 or later. For versions prior to atomic-openshift 3.9.31, update to atomic-openshift 3.9.31 or later.

Correção

Incorrect Permission

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732CWE-20

Identificadores relacionados

CVE-2018-10843

RHSA-2018:2013

Produtos afetados

Openshift Container Platform

PT-2018-10136 · Red Hat · Openshift Container Platform

CVE-2018-10843

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4