Privilege Context Switching Flaw in Kubernetes CRI-O by the Kubernetes Project
CVE-2018-1000400

8.8HIGH

Key Information:

Vendor: Kubernetes
Status: Cri-o
Vendor: CVE Published:; 18 May 2018

Summary

The vulnerability in Kubernetes CRI-O prior to version 1.9 is characterized by a privilege context switching error that affects the handling of ambient capabilities. This flaw can potentially allow containers to execute with elevated privileges, which enables users to gain unauthorized capabilities. By exploiting this vulnerability through container execution, attackers could compromise security protocols, highlighting the importance of upgrading to the patched version 1.9 to mitigate this risk.

References

https://github.com/kubernetes-incubator/cri-o/pull/1558/f...

x_refsource_MISC

http://www.securityfocus.com/bid/104262

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2018
Vulnerability Reserved
May 18, 2018