CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-10843

HIGH
8.5
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile10.15th
Published2018年7月2日
Last Modified2024年11月21日

Vulnerability Description

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.

Affected Platforms (CPE)

📦
Redhat

Openshift Container Platform

< 3.7.53
📦
Redhat

Openshift Container Platform

= 3.9
📦
Redhat

Openshift Container Platform

= 3.9.31

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2018:2013
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843
🔗 https://access.redhat.com/errata/RHSA-2018:2013
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843

相关漏洞威胁

CVE-2019-38999.8

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interfac...

CVE-2019-148198.8

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service acc...

CVE-2021-201988.1

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of Ope...

CVE-2018-146327.7

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platfo...