CVE-2018-1000400
First published: Fri May 18 2018(Updated: )
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kubernetes CRI-O | <1.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-1000400.
What is the severity of CVE-2018-1000400?
The severity of CVE-2018-1000400 is high.
What is the affected software for CVE-2018-1000400?
The affected software for CVE-2018-1000400 is Kubernetes CRI-O version prior to 1.9.
How does CVE-2018-1000400 impact containers?
CVE-2018-1000400 can result in containers running with elevated privileges, allowing users abilities they should not have.
Where can I find more information about CVE-2018-1000400?
You can find more information about CVE-2018-1000400 at the following references: [http://www.securityfocus.com/bid/104262](http://www.securityfocus.com/bid/104262), [https://github.com/kubernetes-incubator/cri-o/pull/1558/files](https://github.com/kubernetes-incubator/cri-o/pull/1558/files).
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/tags
- vendor/kubernetes
- canonical/kubernetes cri-o