Privilege Context Switching Error

2018-05-2105:59:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

48.9%

JSON

github.com/kubernetes-incubator/cri-o is susceptible to privilege context switching error. The vulnerability exists in handling ambient capabilities. During container execution, containers running with elevated privileges may allow a user with lower privilege to perform abilities they should not have.

CPENameOperatorVersion
github.com/kubernetes-incubator/cri-oeqHEAD
github.com/kubernetes-incubator/cri-ole1.10.0
atomic-openshift-web-consoleeq3.9.27__1.git.242.0fcf673.el7
atomic-openshift-web-consoleeq3.9.14__1.git.229.04c20c2.el7
golang-github-prometheus-node_exportereq3.9.27__1.git.887.8969372.el7
golang-github-prometheus-node_exportereq0.15.1__1.gitba5da2c.el7
golang-github-prometheus-node_exportereq0.15.2__2.git98bc649.el7
rubygem-fluent-plugin-elasticsearcheq1.0.0__2.el7aos
rubygem-fluent-plugin-elasticsearcheq1.3.0__2.el7
rubygem-fluent-plugin-elasticsearcheq1.9.5.1__1.el7

Name	Operator	Version
github.com/kubernetes-incubator/cri-o	eq	HEAD
github.com/kubernetes-incubator/cri-o	le	1.10.0
atomic-openshift-web-console	eq	3.9.27__1.git.242.0fcf673.el7
atomic-openshift-web-console	eq	3.9.14__1.git.229.04c20c2.el7
golang-github-prometheus-node_exporter	eq	3.9.27__1.git.887.8969372.el7
golang-github-prometheus-node_exporter	eq	0.15.1__1.gitba5da2c.el7
golang-github-prometheus-node_exporter	eq	0.15.2__2.git98bc649.el7
rubygem-fluent-plugin-elasticsearch	eq	1.0.0__2.el7aos
rubygem-fluent-plugin-elasticsearch	eq	1.3.0__2.el7
rubygem-fluent-plugin-elasticsearch	eq	1.9.5.1__1.el7