Unknown · Openshift4/Ose-Docker-Builder · CVE-2021-20182
Name of the Vulnerable Software and Affected Versions:
openshift4/ose-docker-builder (affected versions not specified)
Description:
A privilege escalation flaw was found in the build container, which runs with high privileges using a chrooted environment instead of runc. If an attacker gains access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to escalate their privileges to that of the cluster admin. The highest threat from this issue is to data confidentiality and integrity as well as system availability.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.