Privilege Escalation Vulnerability in OpenStack Kolla by OpenStack
CVE-2022-38060

8.8HIGH

Key Information:

Vendor: Openstack
Status: Openstack
Vendor: CVE Published:; 21 December 2022

Summary

A misconfiguration in the sudoers file located in /etc/sudoers within a container running OpenStack Kolla can lead to privilege escalation, allowing unauthorized users to gain elevated privileges within the environment. This vulnerability underscores the importance of careful configuration management and security measures in containerized applications to avoid potential exploitation.

Affected Version(s)

OpenStack git master 05194e7618

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 21, 2022
Vulnerability Reserved
Aug 10, 2022