Privilege Escalation Vulnerability in OpenStack Kolla by OpenStack
CVE-2022-38060

8.8 HIGH

Key Information:

Vendor
OpenStack
Status
Vendor
CVE Published:
21 December 2022

Summary

A misconfiguration in the sudoers file (/etc/sudoers) within a container running OpenStack Kolla can lead to privilege escalation, allowing unauthorized users to gain elevated privileges within the environment. This vulnerability underscores the importance of careful configuration management and security measures in containerized applications to avoid potential exploitation.

Affected Version(s)

OpenStack git master 05194e7618

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
