GHSA-rvxr-pf5f-j2qj

Source
https://github.com/advisories/GHSA-rvxr-pf5f-j2qj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-rvxr-pf5f-j2qj/GHSA-rvxr-pf5f-j2qj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rvxr-pf5f-j2qj
Aliases
Published
2022-12-21T12:30:24Z
Modified
2025-05-07T18:27:20.722285Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
OpenStack Kolla sudo privilege escalation vulnerability
Details

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

Database specific
{
    "nvd_published_at": "2022-12-21T11:15:00Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-269",
        "CWE-426"
    ],
    "github_reviewed_at": "2025-05-07T17:39:19Z"
}
References

Affected packages

PyPI / kolla

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
15.0.0.0rc1

Affected versions

0.*
0.0.1
1.*
1.1.0
1.1.1
1.1.2
2.*
2.0.0.0rc1
2.0.0.0rc2
2.0.0.0rc3
2.0.0.0rc4
2.0.0
2.0.1
2.0.2
2.0.3
3.*
3.0.0.0b1
3.0.0.0b2
3.0.0.0b3
3.0.0.0rc1
3.0.0.0rc2
3.0.0.0rc3
3.0.0
3.0.1
3.0.2
3.0.3
4.*
4.0.0.0b1
4.0.0.0b2
4.0.0.0b3
4.0.0.0rc1
4.0.0.0rc2
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
5.*
5.0.0.0b2
5.0.0.0b3
5.0.0.0rc1
5.0.0.0rc2
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
6.*
6.0.0.0b2
6.0.0.0b3
6.0.0.0rc1
6.0.0.0rc2
6.0.0
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
7.*
7.0.0.0b2
7.0.0.0b3
7.0.0.0rc1
7.0.0.0rc2
7.0.0.0rc3
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.1.0
7.1.1
8.*
8.0.0.0b1
8.0.0.0rc1
8.0.0.0rc2
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
9.*
9.0.0.0rc1
9.0.0.0rc2
9.0.0
9.0.1
9.1.0
9.1.1
9.2.0
9.3.0
9.3.1
9.4.0
10.*
10.0.0.0rc1
10.0.0.0rc2
10.0.0
10.1.0
10.2.0
10.3.0
10.4.0
11.*
11.0.0.0rc1
11.0.0.0rc2
11.0.0
11.1.0
11.2.0
11.2.1
11.3.0
12.*
12.0.0.0rc1
12.0.0.0rc2
12.0.0
12.0.1
12.1.0
12.2.0
12.3.0
12.4.0
12.5.0
12.6.0
12.7.0
13.*
13.0.0.0rc1
13.0.0.0rc2
13.0.0.0rc3
13.0.0
13.0.1
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0
13.8.0
13.9.0
13.10.0
14.*
14.0.0.0rc1
14.0.0.0rc2
14.0.0
14.1.0
14.2.0
14.3.0
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0
14.10.0
14.11.0
14.12.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-rvxr-pf5f-j2qj/GHSA-rvxr-pf5f-j2qj.json"