CVSS 3.1 base score 6.7
CVE-2024-33522
- EPSS 0.05%
- Published 29.04.2024 23:15:06
- Last modified 21.11.2024 09:17:04
- Source psirt@tigera.io
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration on the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.
Matched by AI from unstructured data to existing NVD CPEs
Data provided by the CVE Program through Authorized Data Publishers (ADP) (unstructured)
| Vendor | Product | Default status | Version (from) | Version (less than) | Status |
|---|---|---|---|---|---|
| tigera | calico | unaffected | 0 | v3.26.5 | affected |
| tigera | calico | unaffected | v3.27.0 | v3.27.3 | affected |
| tigera | calico | unaffected | v3.28.0 | | unaffected |
| tigera | calico_enterprise | unaffected | 0 | v3.17.4 | affected |
| tigera | calico_enterprise | unaffected | v3.18.0 | v3.18.2 | affected |
| tigera | calico_enterprise | unaffected | v3.19.0-1.0 | v3.19.0-2.0 | affected |
| tigera | calico_cloud | unaffected | 0 | v19.3.0 | affected |
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.168 |
| Source | Base Score | Exploitability Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@tigera.io | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.