A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is…
redhat·CWE-266·Published 2020-01-07
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.
Se encontró un fallo durante la actualización de un clúster existente de OpenShift Container Platform versiones 3.x. Usando CRI-O, la cuenta de servicio dockergc es asignada al espacio de nombres actual del usuario que lleva a cabo la actualización. Este fallo puede permitir a un usuario sin privilegios escalar sus privilegios a los permitidos por las Restricciones del Contexto de Seguridad privilegiadas.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 7.5 | — | — | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.0 | Primary | cve.org | 7.5 | — | — | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.0 | Secondary | NVD | 7.5 | 1.6 | 5.9 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |