Vulnerability DatabaseCVE-2022-38060
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-38060
December 21, 2022
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.
Affected Packages
kolla (PYTHON):
Affected version(s)
Fix Suggestion:
Update to version 15.0.0.0rc1
Related ResourcesĀ (6)
https://github.com/openstack/kolla/commit/2a4a8fce31c12114e8f472c24dd96864b5bd2bd2
https://nvd.nist.gov/vuln/detail/CVE-2022-38060
https://github.com/openstack/kolla
https://bugs.launchpad.net/kolla/+bug/1985784
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1589
https://bugzilla.redhat.com/show_bug.cgi?id=2124758
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Privilege Management
CWE-269
Untrusted Search Path
CWE-426
EPSS
Base Score:
0.03