Vulnerability Description
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | < 3.7.53 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:2013Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843Issue TrackingVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2013Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843Issue TrackingVendor Advisory
FAQ
What is CVE-2018-10843?
CVE-2018-10843 is a vulnerability with a CVSS score of 8.5 (HIGH). source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to r...
How severe is CVE-2018-10843?
CVE-2018-10843 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10843?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform.