CVE-2018-1000400
Summary
| CVE | CVE-2018-1000400 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-18 18:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kubernetes | Cri-o | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [1.9] Remove ambient capabilities by mrunalp · Pull Request #1558 · cri-o/cri-o · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Kubernetes CRI-O CVE-2018-1000400 Remote Privilege Escalation Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.