CVE-2018-1000400

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000400

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000400.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000400

Downstream

RHBA-2018:1796

Published

2018-05-18T18:29:00Z

Modified

2025-01-14T07:20:14.998240Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.

References

Affected packages

Git / github.com/cri-o/cri-o

Affected ranges

Type: GIT
Repo: https://github.com/cri-o/cri-o
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

814c6ab0913d827543696b366048056a31d9529c

Affected versions

v0.*

v0.0.0

v0.1

v0.2

v0.3

v1.*

v1.0.0

v1.0.0-alpha.0

v1.0.0-beta.0

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.8.0

v1.9.0-beta.1

v1.9.0-beta.2