Privilege escalation in OpenShift Container Platform 4.10



Published: 2022-05-04 | Updated: 2022-05-12
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-27652
CWE-ID CWE-276
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

openshift (Red Hat package)
Operating systems & Components / Operating system package or component

jenkins-2-plugins (Red Hat package)
Operating systems & Components / Operating system package or component

cri-o (Red Hat package)
Operating systems & Components / Operating system package or component

jenkins (Red Hat package)
Operating systems & Components / Operating system package or component

jq (Red Hat package)
Operating systems & Components / Operating system package or component

python-boto (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Incorrect default permissions

EUVDB-ID: #VU62796

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27652

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to containers are incorrectly started with non-empty default permissions within in Moby (Docker Engine). An attacker with access to programs with inheritable file capabilities can elevate those capabilities to the permitted set when execve(2) runs.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.10 - 4.10.11

openshift (Red Hat package): 4.10.0-202202250816.p0.ge419edf.assembly.stream.el7 - 4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8

jenkins-2-plugins (Red Hat package): 4.10.1643404185-1.el8 - 4.10.1647505461-1.el8

cri-o (Red Hat package): 1.23.2-2.rhaos4.10.git071ae78.el8

jenkins (Red Hat package): 2.319.2.1643288987-1.el8 - 2.319.2.1643964085-1.el8

jq (Red Hat package): 1.3-2.el7 - 1.5-11.el7

python-boto (Red Hat package): 2.25.0-2.el7

External links

http://access.redhat.com/errata/RHSA-2022:1600


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###