CVE-2018-10843
Last modified
CVE-2018-10843 is a vulnerability of currently unknown severity. source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.. EPSS estimates a 1.35% chance of exploitation in the next 30 days.
Description
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | < 3.7.53 |
| Redhat | Openshift Container Platform | 3.9 |
| Redhat | Openshift Container Platform | 3.9.31 |
References
- https://access.redhat.com/errata/RHSA-2018:2013Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843Issue Tracking, Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2013Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10843?
How severe is CVE-2018-10843?
How do I fix CVE-2018-10843?
Are you affected by CVE-2018-10843?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST