Privilege escalation in OpenShift Container Platform for Windows Containers



Published: 2022-05-04
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-20206
CWE-ID CWE-424
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
OpenShift Container Platform for Windows Containers
Server applications / Virtualization software

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Protection of Alternate Path

EUVDB-ID: #VU55590

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20206

CWE-ID: CWE-424 - Improper Protection of Alternate Path

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the affected system.

the vulnerability exists due to improper input validation. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows a remote user to execute other existing binaries other than the cni plugins/types, such as 'reboot'.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Container Platform for Windows Containers: 2.0.0 - 2.0.4

External links

http://access.redhat.com/errata/RHSA-2022:1660


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###