Running Pods Allow Elevated User Privileges

CVE-2022-43915

8.1HIGH

Key Information

Vendor: IBM
Status: App Connect Enterprise Certified Container
Vendor: CVE Published:; 24 August 2024

Summary

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.

Affected Version(s)

App Connect Enterprise Certified Container = 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 8.1 to: 6.8 - (MEDIUM)
Sep 21, 2024
Risk change from: 8.1 to: 6.8 - (MEDIUM)
Sep 21, 2024
Vulnerability published.
Aug 24, 2024
Vulnerability Reserved.
Oct 26, 2022

Collectors

NVD DatabaseMitre Database